Windows Analysis Report
Cb89Ti1Mib.exe

Overview

General Information

Sample name: Cb89Ti1Mib.exe
renamed because original name is a hash value
Original sample name: cee06b304216429050308d9d812d8a0a80820f407dc7f97d39bb47408301ad4a.exe
Analysis ID: 1577187
MD5: 4757d7ca97fb782ae87932fb66204a34
SHA1: a6a4cb3617809362a61f34ebbf901d7c9169e551
SHA256: cee06b304216429050308d9d812d8a0a80820f407dc7f97d39bb47408301ad4a
Tags: 130-193-51-109exeuser-JAMESWT_MHT

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Uses known network protocols on non-standard ports
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Cb89Ti1Mib.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\Cb89Ti1Mib.exe" MD5: 4757D7CA97FB782AE87932FB66204A34)
    • Cb89Ti1Mib.exe (PID: 7404 cmdline: "C:\Users\user\Desktop\Cb89Ti1Mib.exe" MD5: 4757D7CA97FB782AE87932FB66204A34)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Cb89Ti1Mib.exe, ReversingLabs: Detection: 15%
Source: Cb89Ti1Mib.exe, Virustotal: Detection: 25%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.6% probability
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E27770 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7E27770
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DFD750 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FF8E7DFD750
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DE7730 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8E7DE7730
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FF8E7DD1087
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD25D6 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FF8E7DD25D6
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD176C CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FF8E7DD176C
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD2522 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7DD2522
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E2F660 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8E7E2F660
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1646 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FF8E7DD1646
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E135E0 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7E135E0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DDF540 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,2_2_00007FF8E7DDF540
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E45540 CRYPTO_memcmp,2_2_00007FF8E7E45540
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD12CB CRYPTO_THREAD_run_once,2_2_00007FF8E7DD12CB
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DE14E0 CRYPTO_free,CRYPTO_strndup,2_2_00007FF8E7DE14E0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E1F490 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7E1F490
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8E7DD193D
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7DD1023
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E03460 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7E03460
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E33420 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FF8E7E33420
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E19370 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8E7E19370
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD11BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7DD11BD
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7DD1ACD
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD144C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,2_2_00007FF8E7DD144C
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1ED8 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8E7DD1ED8
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,2_2_00007FF8E7DD1992
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DDD2E1 CRYPTO_free,2_2_00007FF8E7DDD2E1
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E1D2F0 RAND_bytes_ex,CRYPTO_malloc,memset,2_2_00007FF8E7E1D2F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,2_2_00007FF8E7DD1997
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E212E0 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,2_2_00007FF8E7E212E0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD230B ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,2_2_00007FF8E7DD230B
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E152A0 CRYPTO_free,2_2_00007FF8E7E152A0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FF8E7DD155A
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DDB200 CRYPTO_clear_free,2_2_00007FF8E7DDB200
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7DD1483
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E33210 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FF8E7E33210
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD111D CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_malloc,memcpy,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,2_2_00007FF8E7DD111D
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD20EF CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7DD20EF
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E3D170 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,2_2_00007FF8E7E3D170
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DDD140 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8E7DDD140
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E31126 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8E7E31126
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD24C8 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FF8E7DD24C8
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD26DF BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,2_2_00007FF8E7DD26DF
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E1E0C1 CRYPTO_free,CRYPTO_free,2_2_00007FF8E7E1E0C1
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,2_2_00007FF8E7DD1893
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E280A0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8E7E280A0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8E7DD1AB4
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E1E040 CRYPTO_free,2_2_00007FF8E7E1E040
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E04000 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8E7E04000
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD103C CRYPTO_malloc,COMP_expand_block,2_2_00007FF8E7DD103C
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DDDFB2 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,2_2_00007FF8E7DDDFB2
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1D8E EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FF8E7DD1D8E
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E41F70 CRYPTO_memcmp,2_2_00007FF8E7E41F70
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1EDD CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8E7DD1EDD
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,2_2_00007FF8E7DD1AC3
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD2027 CRYPTO_free,2_2_00007FF8E7DD2027
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD236F CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7DD236F
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E49F10 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7E49F10
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DDDEC0 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7DDDEC0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DEBEC0 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8E7DEBEC0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD3EB0 CRYPTO_free,2_2_00007FF8E7DD3EB0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD5E80 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FF8E7DD5E80
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD24E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8E7DD24E6
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DF1E60 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FF8E7DF1E60
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD16A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7DD16A4
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1CE9 memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7DD1CE9
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD15E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8E7DD15E6
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DE5D80 CRYPTO_THREAD_run_once,2_2_00007FF8E7DE5D80
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E33D30 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8E7E33D30
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7DD1CBC
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1F50 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8E7DD1F50
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DF5CF0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8E7DF5CF0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD19DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8E7DD19DD
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E27CD0 CRYPTO_memcmp,2_2_00007FF8E7E27CD0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1F37 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8E7DD1F37
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD5C53 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,2_2_00007FF8E7DD5C53
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,2_2_00007FF8E7DD1361
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,2_2_00007FF8E7DD1CEE
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FF8E7DD150F
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD267B CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8E7DD267B
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD23E7 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8E7DD23E7
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD222A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FF8E7DD222A
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E3BB70 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7E3BB70
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E1DB60 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8E7E1DB60
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DE3B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FF8E7DE3B30
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E35B10 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FF8E7E35B10
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DE5B10 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FF8E7DE5B10
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DF5AE0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8E7DF5AE0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E1DAF0 CRYPTO_free,2_2_00007FF8E7E1DAF0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD13D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,2_2_00007FF8E7DD13D9
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD23EC CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7DD23EC
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FF8E7DD1C53
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7E27A40 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8E7E27A40
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD271B CRYPTO_free,CRYPTO_strdup,2_2_00007FF8E7DD271B
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1A16 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8E7DD1A16
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DE5A10 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FF8E7DE5A10
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DF59F0 CRYPTO_free,CRYPTO_free,2_2_00007FF8E7DF59F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD204A CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,2_2_00007FF8E7DD204A
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DE7980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,2_2_00007FF8E7DE7980
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD107D CRYPTO_free,2_2_00007FF8E7DD107D
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD1D84 CRYPTO_free,CRYPTO_memdup,2_2_00007FF8E7DD1D84
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E83B4F20 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,2_2_00007FF8E83B4F20
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E83B51D4 ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,_Py_BuildValue_SizeT,ASN1_STRING_to_UTF8,_Py_Dealloc,_Py_BuildValue_SizeT,CRYPTO_free,2_2_00007FF8E83B51D4
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8F0D018E0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,2_2_00007FF8F0D018E0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8F0D06244 CRYPTO_memcmp,2_2_00007FF8F0D06244
Source: Cb89Ti1Mib.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2621740607.00007FF8E7A44000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: Cb89Ti1Mib.exe, 00000000.00000002.2616621643.000001864AA8F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2619428218.00007FF8E712F000.00000002.00000001.01000000.0000000F.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: Cb89Ti1Mib.exe, 00000002.00000002.2620305317.00007FF8E7581000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623486110.00007FF8F0D07000.00000002.00000001.01000000.0000000B.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: Cb89Ti1Mib.exe, 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2622956713.00007FF8E834C000.00000002.00000001.01000000.00000011.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623829734.00007FF8F9183000.00000002.00000001.01000000.0000000C.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2622956713.00007FF8E834C000.00000002.00000001.01000000.00000011.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623159719.00007FF8E836D000.00000002.00000001.01000000.00000010.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1367604654.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623659751.00007FF8F8753000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: Cb89Ti1Mib.exe, 00000002.00000002.2620305317.00007FF8E74E9000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: Cb89Ti1Mib.exe, 00000000.00000003.1367604654.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623659751.00007FF8F8753000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2620305317.00007FF8E7581000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe
Code function: 0_2_00007FF7DE8592F0 FindFirstFileExW,FindClose,0_2_00007FF7DE8592F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe
Code function: 0_2_00007FF7DE8718E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7DE8718E4
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe
Code function: 0_2_00007FF7DE8583B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7DE8583B0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe
Code function: 2_2_00007FF7DE8592F0 FindFirstFileExW,FindClose,2_2_00007FF7DE8592F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe
Code function: 2_2_00007FF7DE8718E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7DE8718E4
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe
Code function: 2_2_00007FF7DE8583B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7DE8583B0

Networking

Source: unknown
Network traffic detected: HTTP traffic on port 49722 -> 3000
Source: global traffic
TCP traffic: 192.168.2.9:49722 -> 130.193.51.109:3000
Source: unknown
TCP traffic detected without corresponding DNS query: 130.193.51.109
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe
Code function: 2_2_00007FF8F7A96260 recv,2_2_00007FF8F7A96260
Source: unknown
HTTP traffic detected:
POST /receive_info HTTP/1.1
Host: 130.193.51.109:3000
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 173
Content-Type: application/json
Source: Cb89Ti1Mib.exe, 00000002.00000002.2618556663.0000020528884000.00000004.00001000.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1390053451.00000205284CC000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205284CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617199725.0000020527D90000.00000004.00001000.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2618950954.0000020528AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://130.193.51.109:3000/receive_info
Source: Cb89Ti1Mib.exe, 00000002.00000002.2618950954.0000020528AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://130.193.51.109:3000/receive_info0Y
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000002.2616621643.000001864AA8F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000002.2616621643.000001864AA8F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.00000205280F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528411000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2616664793.00000205261C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.00000205280F9000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl(
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.00000205280F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlw
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.00000205280F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528551000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000002.2616621643.000001864AA8F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
Source: unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Cb89Ti1Mib.exe, 00000002.00000002.2618650148.0000020528890000.00000004.00001000.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528390000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1390219080.0000020527FFE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: Cb89Ti1Mib.exe, 00000002.00000003.1389785081.0000020528141000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1388488548.0000020528148000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.0000020528141000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205283F3000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1386533056.00000205283F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528411000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1390407049.0000020528182000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1386533056.0000020528422000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.0000020528182000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1388392055.0000020528182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esh
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000002.2616621643.000001864AA8F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000002.2616621643.000001864AA8F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1373632717.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1370968131.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528488000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/=yC
Source: Cb89Ti1Mib.exe, 00000002.00000002.2618556663.0000020528790000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1367604654.000001864AA7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1368478088.000001864AA7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1369351591.000001864AA80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exeBinary or memory string: OriginalFilename vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623698200.00007FF8F8759000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623519919.00007FF8F0D0E000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenamelibsslH vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623197754.00007FF8E8372000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2619619323.00007FF8E7134000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2622695079.00007FF8E7CE5000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623866607.00007FF8F9186000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2621456466.00007FF8E762A000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623019650.00007FF8E8355000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs Cb89Ti1Mib.exe
Source: Cb89Ti1Mib.exe, 00000002.00000002.2623955605.00007FF8F93F6000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs Cb89Ti1Mib.exe
Source: classification engineClassification label: mal60.troj.winEXE@3/17@0/1
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482Jump to behavior
Source: Cb89Ti1Mib.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Cb89Ti1Mib.exeReversingLabs: Detection: 15%
Source: Cb89Ti1Mib.exeVirustotal: Detection: 25%
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile read: C:\Users\user\Desktop\Cb89Ti1Mib.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Cb89Ti1Mib.exe "C:\Users\user\Desktop\Cb89Ti1Mib.exe"
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeProcess created: C:\Users\user\Desktop\Cb89Ti1Mib.exe "C:\Users\user\Desktop\Cb89Ti1Mib.exe"
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeProcess created: C:\Users\user\Desktop\Cb89Ti1Mib.exe "C:\Users\user\Desktop\Cb89Ti1Mib.exe"Jump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeSection loaded: wintypes.dllJump to behavior
Source: Cb89Ti1Mib.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: Cb89Ti1Mib.exeStatic file information: File size 8537036 > 1048576
Source: Cb89Ti1Mib.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Cb89Ti1Mib.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Cb89Ti1Mib.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Cb89Ti1Mib.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Cb89Ti1Mib.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Cb89Ti1Mib.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Cb89Ti1Mib.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Cb89Ti1Mib.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1374968192.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2621740607.00007FF8E7A44000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: Cb89Ti1Mib.exe, 00000000.00000002.2616621643.000001864AA8F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000000.00000003.1375340332.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2619428218.00007FF8E712F000.00000002.00000001.01000000.0000000F.sdmp, unicodedata.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: Cb89Ti1Mib.exe, 00000002.00000002.2620305317.00007FF8E7581000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1368799609.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623486110.00007FF8F0D07000.00000002.00000001.01000000.0000000B.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: Cb89Ti1Mib.exe, 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2622956713.00007FF8E834C000.00000002.00000001.01000000.00000011.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1369120103.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623829734.00007FF8F9183000.00000002.00000001.01000000.0000000C.sdmp, _queue.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1368963423.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2622956713.00007FF8E834C000.00000002.00000001.01000000.00000011.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1367830181.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623159719.00007FF8E836D000.00000002.00000001.01000000.00000010.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1367604654.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623659751.00007FF8F8753000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: Cb89Ti1Mib.exe, 00000002.00000002.2620305317.00007FF8E74E9000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: Cb89Ti1Mib.exe, 00000000.00000003.1367604654.000001864AA7F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623659751.00007FF8F8753000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2620305317.00007FF8E7581000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: Cb89Ti1Mib.exe, 00000000.00000003.1369214325.000001864AA80000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp, libssl-3.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: Cb89Ti1Mib.exe, 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp, _ssl.pyd.0.dr
Source: Cb89Ti1Mib.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Cb89Ti1Mib.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Cb89Ti1Mib.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Cb89Ti1Mib.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Cb89Ti1Mib.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DF4021 push rcx; ret 2_2_00007FF8E7DF4022
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E833D3E8 push rbp; iretd 2_2_00007FF8E833D3ED

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeProcess created: "C:\Users\user\Desktop\Cb89Ti1Mib.exe"
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\select.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73482\_hashlib.pydJump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 3000
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE855820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7DE855820
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\select.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73482\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17269
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeAPI coverage: 1.5 %
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE8592F0 FindFirstFileExW,FindClose,0_2_00007FF7DE8592F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE8718E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7DE8718E4
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE8583B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7DE8583B0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF7DE8592F0 FindFirstFileExW,FindClose,2_2_00007FF7DE8592F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF7DE8718E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF7DE8718E4
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF7DE8583B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7DE8583B0
Source: Cb89Ti1Mib.exe, 00000000.00000003.1370001490.000001864AA81000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: Cb89Ti1Mib.exe, 00000002.00000002.2617110150.0000020527B50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE86A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7DE86A684
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE8734F0 GetProcessHeap,0_2_00007FF7DE8734F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE85C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7DE85C910
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE86A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7DE86A684
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE85D37C SetUnhandledExceptionFilter,0_2_00007FF7DE85D37C
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 0_2_00007FF7DE85D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7DE85D19C
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF7DE85C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7DE85C910
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF7DE86A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7DE86A684
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF7DE85D37C SetUnhandledExceptionFilter,2_2_00007FF7DE85D37C
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF7DE85D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7DE85D19C
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7023068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E7023068
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7022AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E7022AA0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E7DD2126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E7DD2126
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E8343CE0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E8343CE0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E8343710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E8343710
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E836AB08 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E836AB08
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E836A0C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E836A0C0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E83942E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E83942E0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E8394898 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E8394898
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E83B30E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8E83B30E8
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeCode function: 2_2_00007FF8E83B26A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8E83B26A0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F0D04090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8F0D04090
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F0D04660 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8F0D04660
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F7A93398 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8F7A93398
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F7A92DD0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8F7A92DD0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F8750AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8F8750AA8
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F8CA19E0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8F8CA19E0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F8CA1420 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8F8CA1420
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F91814F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8F91814F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F9181AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8F9181AC0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F93F1AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8F93F1AC0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F93F14F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8F93F14F0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Process created: C:\Users\user\Desktop\Cb89Ti1Mib.exe "C:\Users\user\Desktop\Cb89Ti1Mib.exe"
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 0_2_00007FF7DE8795E0 cpuid 0_2_00007FF7DE8795E0
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\certifi VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482 VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md__mypyc.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\Desktop\Cb89Ti1Mib.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73482\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 0_2_00007FF7DE85D080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 0_2_00007FF7DE875C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F7A95074 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct
Source: C:\Users\user\Desktop\Cb89Ti1Mib.exe Code function: 2_2_00007FF8F7A96078 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; Software Packing
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: 2 System Time Discovery; 21 Security Software Discovery; 1 File and Directory Discovery; 22 System Information Discovery; Internet Connection Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: 2 Encrypted Channel; 11 Non-Standard Port; 1 Ingress Tool Transfer; 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
Cb89Ti1Mib.exe | 16% | ReversingLabs | Win64.Malware.Generic |
Cb89Ti1Mib.exe | 25% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI73482\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\charset_normalizer\md__mypyc.cp312-win_amd64.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\libcrypto-3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\libssl-3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\python312.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\select.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73482\unicodedata.pyd | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsN | 0% | Avira URL Cloud | safe |
https://wwww.certigna.fr/autorites/0 | 0% | Avira URL Cloud | safe |
http://130.193.51.109:3000/receive_info | 0% | Avira URL Cloud | safe |
http://ocsp.accv.esh | 0% | Avira URL Cloud | safe |
http://repository.swisssign.com/=yC | 0% | Avira URL Cloud | safe |
http://130.193.51.109:3000/receive_info0Y | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://130.193.51.109:3000/receive_info | false | Avira URL Cloud: safe | unknown
                                                                                                                            http://google.com/mail/Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205283F3000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1386533056.00000205283F3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.securetrust.com/STCA.crlCb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://wwwsearch.sf.net/):Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528411000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528390000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.accv.es/legislacion_c.htmCb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://tools.ietf.org/html/rfc6125#section-6.4.3Cb89Ti1Mib.exe, 00000002.00000002.2618556663.0000020528790000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://crl.xrampsecurity.com/XGCA.crl0Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528411000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.openssl.org/HCb89Ti1Mib.exe, 00000000.00000003.1372817899.000001864AA83000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2621456466.00007FF8E762A000.00000002.00000001.01000000.00000009.sdmp, libcrypto-3.dll.0.dr, libssl-3.dll.0.drfalse
                                                                                                                                            high
                                                                                                                                            http://crl.certigna.fr/certignarootca.crl01Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.00000205280F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.cert.fnmt.es/dpcs/Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528551000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://docs.python.org/3/library/socket.html#socket.socket.connect_exCb89Ti1Mib.exe, 00000002.00000002.2618772648.0000020528A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://google.com/mailCb89Ti1Mib.exe, 00000002.00000003.1389785081.0000020528141000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.0000020527F90000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617774210.0000020528411000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1388488548.0000020528148000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1386533056.0000020528422000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1390219080.0000020527FFE000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.0000020528141000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.accv.es00Cb89Ti1Mib.exe, 00000002.00000002.2617774210.00000205285E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.python.org/psf/license/)Cb89Ti1Mib.exe, 00000002.00000002.2621740607.00007FF8E7A44000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyCb89Ti1Mib.exe, 00000002.00000002.2616664793.00000205261C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacyCb89Ti1Mib.exe, 00000002.00000002.2618772648.0000020528A80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://130.193.51.109:3000/receive_info0YCb89Ti1Mib.exe, 00000002.00000002.2618950954.0000020528AF4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://peps.python.org/pep-0263/Cb89Ti1Mib.exe, 00000002.00000002.2621740607.00007FF8E7A44000.00000002.00000001.01000000.00000004.sdmp, python312.dll.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://foss.heptapod.net/pypy/pypy/-/issues/3539Cb89Ti1Mib.exe, 00000002.00000002.2617624022.0000020528190000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.Cb89Ti1Mib.exe, 00000002.00000003.1389785081.000002052809B000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000002.2617365388.000002052802F000.00000004.00000020.00020000.00000000.sdmp, Cb89Ti1Mib.exe, 00000002.00000003.1388864609.000002052809B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://github.com/psf/requests/pull/6710Cb89Ti1Mib.exe, 00000002.00000002.2618772648.00000205289D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
130.193.51.109 | unknown | Russian Federation | 200350 | YANDEXCLOUDRU | false
                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                    Analysis ID:1577187
                                                                                                                                                                    Start date and time:2024-12-18 08:49:18 +01:00
                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                    Overall analysis duration:0h 7m 29s
                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                    Report type:full
                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes:7
                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                    Technologies:
                                                                                                                                                                    • HCA enabled
                                                                                                                                                                    • EGA enabled
                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                    Sample name:Cb89Ti1Mib.exe
                                                                                                                                                                    renamed because original name is a hash value
                                                                                                                                                                    Original Sample Name:cee06b304216429050308d9d812d8a0a80820f407dc7f97d39bb47408301ad4a.exe
                                                                                                                                                                    Detection:MAL
                                                                                                                                                                    Classification:mal60.troj.winEXE@3/17@0/1
                                                                                                                                                                    EGA Information:
                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                    HCA Information:Failed
                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                                                                                                                                                                    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                    No simulations
                                                                                                                                                                    No context
                                                                                                                                                                    No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI73482\VCRUNTIME140.dll | fWAr4zGUkY.exe | Get hash | malicious | Remcos, Amadey, Stealc | Browse
 | fbc5UlsRXq.exe | Get hash | malicious | Unknown | Browse
 | 5SkF9LFhB3.exe | Get hash | malicious | Unknown | Browse
 | WUD0WG3OdV.exe | Get hash | malicious | Unknown | Browse
 | 98Y05R2rTb.exe | Get hash | malicious | Unknown | Browse
 | aLsxeH29P2.exe | Get hash | malicious | Unknown | Browse
 | c9a6BV0eQO.exe | Get hash | malicious | Unknown | Browse
 | https://github.com/Matty77o/malware-samples-m-h/blob/main/TheTrueFriend.exe | Get hash | malicious | Unknown | Browse
 | 0jNz7djbpp.exe | Get hash | malicious | Python Stealer | Browse
 | 7EznMik8Fw.exe | Get hash | malicious | Python Stealer | Browse
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):119192
                                                                                                                                                                                        Entropy (8bit):6.6016214745004635
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                        MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                        SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                        SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                        SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                        • Filename: fWAr4zGUkY.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: fbc5UlsRXq.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: 5SkF9LFhB3.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: WUD0WG3OdV.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: 98Y05R2rTb.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: aLsxeH29P2.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: c9a6BV0eQO.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: , Detection: malicious, Browse
                                                                                                                                                                                        • Filename: 0jNz7djbpp.exe, Detection: malicious, Browse
                                                                                                                                                                                        • Filename: 7EznMik8Fw.exe, Detection: malicious, Browse
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):84760
                                                                                                                                                                                        Entropy (8bit):6.5874715807724025
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:RS7z7Sj2u5in5IVfC83zYxzbdK87kW1IACVw7SyrxX:I7z+jum3MJdN7kW1IACVwX
                                                                                                                                                                                        MD5:59D60A559C23202BEB622021AF29E8A9
                                                                                                                                                                                        SHA1:A405F23916833F1B882F37BDBBA2DD799F93EA32
                                                                                                                                                                                        SHA-256:706D4A0C26DD454538926CBB2FF6C64257C3D9BD48C956F7CABD6DEF36FFD13E
                                                                                                                                                                                        SHA-512:2F60E79603CF456B2A14B8254CEC75CE8BE0A28D55A874D4FB23D92D63BBE781ED823AB0F4D13A23DC60C4DF505CBF1DBE1A0A2049B02E4BDEC8D374898002B1
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):252696
                                                                                                                                                                                        Entropy (8bit):6.564448148079112
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:Agvd9YyMipyD41q8xDiw9qWM53pLW1AQRRRrBoZtcr3:AQ8yryD47hix4orcr3
                                                                                                                                                                                        MD5:F930B7550574446A015BC602D59B0948
                                                                                                                                                                                        SHA1:4EE6FF8019C6C540525BDD2790FC76385CDD6186
                                                                                                                                                                                        SHA-256:3B9AD1D2BC9EC03D37DA86135853DAC73B3FE851B164FE52265564A81EB8C544
                                                                                                                                                                                        SHA-512:10B864975945D6504433554F9FF11B47218CAA00F809C6BCE00F9E4089B862190A4219F659697A4BA5E5C21EDBE1D8D325950921E09371ACC4410469BD9189EE
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):65816
                                                                                                                                                                                        Entropy (8bit):6.242741772115205
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:MElYij3wz91lBafLEmIRhtIAOIW7SybpxC:hYZBaTEmghtIAOIWE
                                                                                                                                                                                        MD5:B0262BD89A59A3699BFA75C4DCC3EE06
                                                                                                                                                                                        SHA1:EB658849C646A26572DEA7F6BFC042CB62FB49DC
                                                                                                                                                                                        SHA-256:4ADFBBD6366D9B55D902FC54D2B42E7C8C989A83016ED707BD7A302FC3FC7B67
                                                                                                                                                                                        SHA-512:2E4B214DE3B306E3A16124AF434FF8F5AB832AA3EEB1AA0AA9B49B0ADA0928DCBB05C57909292FBE3B01126F4CD3FE0DAC9CC15EAEA5F3844D6E267865B9F7B1
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):159512
                                                                                                                                                                                        Entropy (8bit):6.846323229710623
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                        MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                        SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                        SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                        SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):32536
                                                                                                                                                                                        Entropy (8bit):6.4674944702653665
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                        MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                        SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                        SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                        SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):83224
                                                                                                                                                                                        Entropy (8bit):6.338326324626716
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                        MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                        SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                        SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                        SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):177432
                                                                                                                                                                                        Entropy (8bit):5.976892131161338
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                        MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                        SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                        SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                        SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1332263
                                                                                                                                                                                        Entropy (8bit):5.5864610174712706
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjtgkV+dmmPHHz1dF6sF7aYcea:uttcY+UHCiCAd+mq+dmmPnz4waYcea
                                                                                                                                                                                        MD5:0CD72BCBFCA52707A1FD52F6038B6020
                                                                                                                                                                                        SHA1:BBEA1763F250143804905F719D88ED2710C23DB3
                                                                                                                                                                                        SHA-256:66FD3CE5401FEAC826504CEB1BBF3AF3E8B41702BBA03A6C91289DF59228C368
                                                                                                                                                                                        SHA-512:4FB8F17EA900B243BCD1042E5300238E7D1B03FA2B74E3F4FFABA9B6A181BF6F81A6903B816BA524B9AFB78586A9C6167ACC4071CF009ED5FF4EF295B06FB96B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):292541
                                                                                                                                                                                        Entropy (8bit):6.048162209044241
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5NF:QWb/TRJLWURrI55MWavdF0D
                                                                                                                                                                                        MD5:D3E74C9D33719C8AB162BAA4AE743B27
                                                                                                                                                                                        SHA1:EE32F2CCD4BC56CA68441A02BF33E32DC6205C2B
                                                                                                                                                                                        SHA-256:7A347CA8FEF6E29F82B6E4785355A6635C17FA755E0940F65F15AA8FC7BD7F92
                                                                                                                                                                                        SHA-512:E0FB35D6901A6DEBBF48A0655E2AA1040700EB5166E732AE2617E89EF5E6869E8DDD5C7875FA83F31D447D4ABC3DB14BFFD29600C9AF725D9B03F03363469B4C
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                        Entropy (8bit):4.817893239381772
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:192:MRv9XFCk2z1/t12iwU5usJFcCyD9cqgE:aVVC5djuUFJKtgE
                                                                                                                                                                                        MD5:71D96F1DBFCD6F767D81F8254E572751
                                                                                                                                                                                        SHA1:E70B74430500ED5117547E0CD339D6E6F4613503
                                                                                                                                                                                        SHA-256:611E1B4B9ED6788640F550771744D83E404432830BB8E3063F0B8EC3B98911AF
                                                                                                                                                                                        SHA-512:7B10E13B3723DB0E826B7C7A52090DE999626D5FA6C8F9B4630FDEEF515A58C40660FA90589532A6D4377F003B3CB5B9851E276A0B3C83B9709E28E6A66A1D32
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):124928
                                                                                                                                                                                        Entropy (8bit):5.935676608756784
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:1536:BETt3OiaqGB7QNX6Pq4a461TDqFRgMzrOH+d3gdy2iIeP/j3bhouROm:Bmt+is7QNqP1ab1TGb9g/iI4bhouROm
                                                                                                                                                                                        MD5:D8F690EAE02332A6898E9C8B983C56DD
                                                                                                                                                                                        SHA1:112C1FE25E0D948F767E02F291801C0E4AE592F0
                                                                                                                                                                                        SHA-256:C6BB8CAD80B8D7847C52931F11D73BA64F78615218398B2C058F9B218FF21CA9
                                                                                                                                                                                        SHA-512:E732F79F39BA9721CC59DBE8C4785FFD74DF84CA00D13D72AFA3F96B97B8C7ADF4EA9344D79EE2A1C77D58EF28D3DDCC855F3CB13EDDA928C17B1158ABCC5B4A
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):5191960
                                                                                                                                                                                        Entropy (8bit):5.962142634441191
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                        MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                        SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                        SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                        SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):787224
                                                                                                                                                                                        Entropy (8bit):5.609561366841894
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                        MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                        SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                        SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                        SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):7009048
                                                                                                                                                                                        Entropy (8bit):5.7826778751744685
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                        MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                        SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                        SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                        SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):30488
                                                                                                                                                                                        Entropy (8bit):6.582548725691534
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                        MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                        SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                        SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                        SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        Process:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1137944
                                                                                                                                                                                        Entropy (8bit):5.462202215180296
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                        MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                        SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                        SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                        SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                        Entropy (8bit):7.9867269845022255
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                        File name:Cb89Ti1Mib.exe
                                                                                                                                                                                        File size:8'537'036 bytes
                                                                                                                                                                                        MD5:4757d7ca97fb782ae87932fb66204a34
                                                                                                                                                                                        SHA1:a6a4cb3617809362a61f34ebbf901d7c9169e551
                                                                                                                                                                                        SHA256:cee06b304216429050308d9d812d8a0a80820f407dc7f97d39bb47408301ad4a
                                                                                                                                                                                        SHA512:ba0176bfcc36f67ee590fd3efda7abe843d9990fb6dfef0b1725577ce79678bab245f9de18edc154d3b0332b75d852723c3486bdc0e49a5bc6b8b2c4ac321cab
                                                                                                                                                                                        SSDEEP:196608:Hp78rI0A1HeT39IigQ7vKub75bcjWgbkzfLAkjCWlEOt:p88N1+TtIiL7vB5IjWqkzpX
                                                                                                                                                                                        TLSH:A586335473F71CFAD9F6523582A28856EE72B78A27B3CA8B17780191DF072934E35720
                                                                                                                                                                                        Icon Hash:391d8c069399743a
                                                                                                                                                                                        Entrypoint:0x14000ce20
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                        Time Stamp:0x675AF6E7 [Thu Dec 12 14:44:55 2024 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                        Instruction
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        sub esp, 28h
                                                                                                                                                                                        call 00007F8CB073917Ch
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        add esp, 28h
                                                                                                                                                                                        jmp 00007F8CB0738D9Fh
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        sub esp, 28h
                                                                                                                                                                                        call 00007F8CB0739548h
                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                        je 00007F8CB0738F43h
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov eax, dword ptr [00000030h]
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                        jmp 00007F8CB0738F27h
                                                                                                                                                                                        dec eax
                                                                                                                                                                                        cmp ecx, eax
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x3ca34          0x78          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x47000          0xeeb8        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x44000          0x2238        .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x56000          0x764         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x3a080          0x1c          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x39f40          0x140         .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2b000          0x4a0         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity       File Type  Entropy             Characteristics
.text   0x1000           0x29f70       0x2a000   b8c3814c5fb0b18492ad4ec2ffe0830a  False     0.5518740699404762    data       6.489205819736506   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x2b000          0x12a28       0x12c00   71dab74e87a55c57785eacdaeeae34aa  False     0.5242838541666667    data       5.7507984288291265  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x3e000          0x53f8        0xe00     dba0caeecab624a0ccc0d577241601d1  False     0.134765625           data       1.8392217063172436  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata  0x44000          0x2238        0x2400    9cd1eac931545f28ab09329f8bfce843  False     0.4697265625          data       5.2645170849678795  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   0x47000          0xeeb8        0xf000    84086ada0a1865a4173ecccf4a690c02  False     0.038167317708333336  data       2.343477032023029   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x56000          0x764         0x800     816c68eeb419ee2c08656c31c06a0fff  False     0.5576171875          data       5.2809528666624175  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                                                         Language  Country  ZLIB Complexity
RT_ICON        0x470e8  0xe8ac  Device independent bitmap graphic, 225 x 450 x 8, image size 51300, 256 important colors                        0.024964743804982877
RT_GROUP_ICON  0x55994  0x14    data                                                                                                            1.15
RT_MANIFEST    0x559a8  0x50d   XML 1.0 document, ASCII text                                                                                    0.4694508894044857
DLL           Import
USER32.dll    CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll  GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll  OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll     SelectObject, DeleteObject, CreateFontIndirectW
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Dec 18, 2024 08:50:21.075751066 CET  49722        3000       192.168.2.9     130.193.51.109
Dec 18, 2024 08:50:21.196995974 CET  3000         49722      130.193.51.109  192.168.2.9
Dec 18, 2024 08:50:21.197757959 CET  49722        3000       192.168.2.9     130.193.51.109
Dec 18, 2024 08:50:21.199611902 CET  49722        3000       192.168.2.9     130.193.51.109
Dec 18, 2024 08:50:21.199711084 CET  49722        3000       192.168.2.9     130.193.51.109
Dec 18, 2024 08:50:21.319336891 CET  3000         49722      130.193.51.109  192.168.2.9
Dec 18, 2024 08:50:21.319375992 CET  3000         49722      130.193.51.109  192.168.2.9
Dec 18, 2024 08:50:23.489912033 CET  3000         49722      130.193.51.109  192.168.2.9
Dec 18, 2024 08:50:23.490022898 CET  49722        3000       192.168.2.9     130.193.51.109
Dec 18, 2024 08:50:23.490257978 CET  49722        3000       192.168.2.9     130.193.51.109
Dec 18, 2024 08:50:23.610389948 CET  3000         49722      130.193.51.109  192.168.2.9
Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                                           CName                            Address        Type                    Class        DNS over HTTPS
Dec 18, 2024 08:50:13.035195112 CET  1.1.1.1    192.168.2.9  0xdcda    No error (0)  shed.dual-low.s-part-0035.t-0009.t-msedge.net  s-part-0035.t-0009.t-msedge.net                 CNAME (Canonical name)  IN (0x0001)  false
Dec 18, 2024 08:50:13.035195112 CET  1.1.1.1    192.168.2.9  0xdcda    No error (0)  s-part-0035.t-0009.t-msedge.net                                                 13.107.246.63  A (IP address)          IN (0x0001)  false
                                                                                                                                                                                        • 130.193.51.109:3000
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.9  49722        130.193.51.109  3000              7404  C:\Users\user\Desktop\Cb89Ti1Mib.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 18, 2024 08:50:21.199611902 CET  216                OUT        POST /receive_info HTTP/1.1
                                                                   Host: 130.193.51.109:3000
                                                                   User-Agent: python-requests/2.32.3
                                                                   Accept-Encoding: gzip, deflate
                                                                   Accept: */*
                                                                   Connection: keep-alive
                                                                   Content-Length: 173
                                                                   Content-Type: application/json


                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:02:50:16
                                                                                                                                                                                        Start date:18/12/2024
                                                                                                                                                                                        Path:C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Cb89Ti1Mib.exe"
                                                                                                                                                                                        Imagebase:0x7ff7de850000
                                                                                                                                                                                        File size:8'537'036 bytes
                                                                                                                                                                                        MD5 hash:4757D7CA97FB782AE87932FB66204A34
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:false

Target ID:2
Start time:02:50:17
Start date:18/12/2024
Path:C:\Users\user\Desktop\Cb89Ti1Mib.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\Cb89Ti1Mib.exe"
Imagebase:0x7ff7de850000
File size:8'537'036 bytes
MD5 hash:4757D7CA97FB782AE87932FB66204A34
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false


Execution Graph

Execution Coverage:8.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:20.1%
Total number of Nodes:2000
Total number of Limit Nodes:28
7ff7de864f78 _get_daylight 11 API calls 17013->17016 17015 7ff7de864f78 _get_daylight 11 API calls 17014->17015 17014->17019 17017 7ff7de8616d9 17015->17017 17018 7ff7de86143a 17016->17018 17020 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17017->17020 17021 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17018->17021 17019->16652 17020->17019 17021->17014 17023 7ff7de860774 17022->17023 17050 7ff7de8604d4 17023->17050 17025 7ff7de86078d 17025->16187 17062 7ff7de86042c 17026->17062 17030 7ff7de85c8c0 17029->17030 17031 7ff7de852930 GetCurrentProcessId 17030->17031 17032 7ff7de851c80 49 API calls 17031->17032 17033 7ff7de852979 17032->17033 17076 7ff7de8649f4 17033->17076 17038 7ff7de851c80 49 API calls 17039 7ff7de8529ff 17038->17039 17106 7ff7de852620 17039->17106 17042 7ff7de85c5c0 _log10_special 8 API calls 17043 7ff7de852a31 17042->17043 17043->16226 17045 7ff7de851b89 17044->17045 17046 7ff7de860189 17044->17046 17045->16225 17045->16226 17047 7ff7de864f78 _get_daylight 11 API calls 17046->17047 17048 7ff7de86018e 17047->17048 17049 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17048->17049 17049->17045 17051 7ff7de86053e 17050->17051 17052 7ff7de8604fe 17050->17052 17051->17052 17054 7ff7de86054a 17051->17054 17053 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17052->17053 17060 7ff7de860525 17053->17060 17061 7ff7de8654dc EnterCriticalSection 17054->17061 17060->17025 17063 7ff7de851a20 17062->17063 17064 7ff7de860456 17062->17064 17063->16194 17063->16195 17064->17063 17065 7ff7de860465 memcpy_s 17064->17065 17066 7ff7de8604a2 17064->17066 17068 7ff7de864f78 _get_daylight 11 API calls 17065->17068 17075 7ff7de8654dc EnterCriticalSection 17066->17075 17070 7ff7de86047a 17068->17070 17072 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17070->17072 17072->17063 17078 7ff7de864a4e 17076->17078 17077 7ff7de864a73 17079 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17077->17079 17078->17077 17080 7ff7de864aaf 17078->17080 17082 
7ff7de864a9d 17079->17082 17115 7ff7de862c80 17080->17115 17085 7ff7de85c5c0 _log10_special 8 API calls 17082->17085 17083 7ff7de864b8c 17084 7ff7de86a9b8 __free_lconv_mon 11 API calls 17083->17084 17084->17082 17087 7ff7de8529c3 17085->17087 17094 7ff7de8651d0 17087->17094 17088 7ff7de864bb0 17088->17083 17091 7ff7de864bba 17088->17091 17089 7ff7de864b61 17092 7ff7de86a9b8 __free_lconv_mon 11 API calls 17089->17092 17090 7ff7de864b58 17090->17083 17090->17089 17093 7ff7de86a9b8 __free_lconv_mon 11 API calls 17091->17093 17092->17082 17093->17082 17095 7ff7de86b338 _get_daylight 11 API calls 17094->17095 17096 7ff7de8651e7 17095->17096 17097 7ff7de8529e5 17096->17097 17098 7ff7de86ec08 _get_daylight 11 API calls 17096->17098 17101 7ff7de865227 17096->17101 17097->17038 17099 7ff7de86521c 17098->17099 17100 7ff7de86a9b8 __free_lconv_mon 11 API calls 17099->17100 17100->17101 17101->17097 17253 7ff7de86ec90 17101->17253 17104 7ff7de86a970 _isindst 17 API calls 17105 7ff7de86526c 17104->17105 17107 7ff7de85262f 17106->17107 17108 7ff7de859400 2 API calls 17107->17108 17109 7ff7de852660 17108->17109 17110 7ff7de852683 MessageBoxA 17109->17110 17111 7ff7de85266f MessageBoxW 17109->17111 17112 7ff7de852690 17110->17112 17111->17112 17113 7ff7de85c5c0 _log10_special 8 API calls 17112->17113 17114 7ff7de8526a0 17113->17114 17114->17042 17116 7ff7de862cbe 17115->17116 17117 7ff7de862cae 17115->17117 17118 7ff7de862cc7 17116->17118 17125 7ff7de862cf5 17116->17125 17121 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17117->17121 17119 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17118->17119 17120 7ff7de862ced 17119->17120 17120->17083 17120->17088 17120->17089 17120->17090 17121->17120 17122 7ff7de864830 45 API calls 17122->17125 17124 7ff7de862fa4 17127 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17124->17127 17125->17117 17125->17120 17125->17122 17125->17124 17129 7ff7de863610 17125->17129 17155 7ff7de8632d8 17125->17155 17185 7ff7de862b60 17125->17185 
17127->17117 17130 7ff7de8636c5 17129->17130 17131 7ff7de863652 17129->17131 17132 7ff7de8636ca 17130->17132 17133 7ff7de86371f 17130->17133 17134 7ff7de863658 17131->17134 17135 7ff7de8636ef 17131->17135 17136 7ff7de8636cc 17132->17136 17137 7ff7de8636ff 17132->17137 17133->17135 17146 7ff7de86372e 17133->17146 17154 7ff7de863688 17133->17154 17142 7ff7de86365d 17134->17142 17134->17146 17202 7ff7de861bc0 17135->17202 17138 7ff7de86366d 17136->17138 17145 7ff7de8636db 17136->17145 17209 7ff7de8617b0 17137->17209 17152 7ff7de86375d 17138->17152 17188 7ff7de863f74 17138->17188 17142->17138 17144 7ff7de8636a0 17142->17144 17142->17154 17144->17152 17198 7ff7de864430 17144->17198 17145->17135 17147 7ff7de8636e0 17145->17147 17146->17152 17216 7ff7de861fd0 17146->17216 17150 7ff7de8645c8 37 API calls 17147->17150 17147->17152 17149 7ff7de85c5c0 _log10_special 8 API calls 17151 7ff7de8639f3 17149->17151 17150->17154 17151->17125 17152->17149 17154->17152 17223 7ff7de86e8c8 17154->17223 17156 7ff7de8632f9 17155->17156 17157 7ff7de8632e3 17155->17157 17158 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17156->17158 17159 7ff7de863337 17156->17159 17157->17159 17160 7ff7de8636c5 17157->17160 17161 7ff7de863652 17157->17161 17158->17159 17159->17125 17162 7ff7de8636ca 17160->17162 17163 7ff7de86371f 17160->17163 17164 7ff7de863658 17161->17164 17165 7ff7de8636ef 17161->17165 17166 7ff7de8636cc 17162->17166 17167 7ff7de8636ff 17162->17167 17163->17165 17177 7ff7de86372e 17163->17177 17183 7ff7de863688 17163->17183 17172 7ff7de86365d 17164->17172 17164->17177 17169 7ff7de861bc0 38 API calls 17165->17169 17168 7ff7de86366d 17166->17168 17174 7ff7de8636db 17166->17174 17170 7ff7de8617b0 38 API calls 17167->17170 17171 7ff7de863f74 47 API calls 17168->17171 17176 7ff7de86375d 17168->17176 17169->17183 17170->17183 17171->17183 17172->17168 17175 7ff7de8636a0 17172->17175 17172->17183 17173 7ff7de861fd0 38 API calls 17173->17183 17174->17165 17178 7ff7de8636e0 17174->17178 
17175->17176 17179 7ff7de864430 47 API calls 17175->17179 17180 7ff7de85c5c0 _log10_special 8 API calls 17176->17180 17177->17173 17177->17176 17178->17176 17181 7ff7de8645c8 37 API calls 17178->17181 17179->17183 17182 7ff7de8639f3 17180->17182 17181->17183 17182->17125 17183->17176 17184 7ff7de86e8c8 47 API calls 17183->17184 17184->17183 17236 7ff7de860d84 17185->17236 17189 7ff7de863f96 17188->17189 17190 7ff7de860bf0 12 API calls 17189->17190 17191 7ff7de863fde 17190->17191 17192 7ff7de86e5e0 46 API calls 17191->17192 17193 7ff7de8640b1 17192->17193 17194 7ff7de8640d3 17193->17194 17195 7ff7de864830 45 API calls 17193->17195 17196 7ff7de864830 45 API calls 17194->17196 17197 7ff7de86415c 17194->17197 17195->17194 17196->17197 17197->17154 17199 7ff7de8644b0 17198->17199 17200 7ff7de864448 17198->17200 17199->17154 17200->17199 17201 7ff7de86e8c8 47 API calls 17200->17201 17201->17199 17203 7ff7de861bf3 17202->17203 17204 7ff7de861c22 17203->17204 17206 7ff7de861cdf 17203->17206 17205 7ff7de860bf0 12 API calls 17204->17205 17207 7ff7de861c5f 17204->17207 17205->17207 17208 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17206->17208 17207->17154 17208->17207 17210 7ff7de8617e3 17209->17210 17211 7ff7de861812 17210->17211 17214 7ff7de8618cf 17210->17214 17212 7ff7de86184f 17211->17212 17213 7ff7de860bf0 12 API calls 17211->17213 17212->17154 17213->17212 17215 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17214->17215 17215->17212 17217 7ff7de862003 17216->17217 17218 7ff7de862032 17217->17218 17220 7ff7de8620ef 17217->17220 17219 7ff7de860bf0 12 API calls 17218->17219 17222 7ff7de86206f 17218->17222 17219->17222 17221 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17220->17221 17221->17222 17222->17154 17224 7ff7de86e8f0 17223->17224 17225 7ff7de86e935 17224->17225 17226 7ff7de864830 45 API calls 17224->17226 17228 7ff7de86e91e memcpy_s 17224->17228 17232 7ff7de86e8f5 memcpy_s 17224->17232 17225->17228 17225->17232 17233 7ff7de870858 17225->17233 
17226->17225 17227 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17227->17232 17228->17227 17228->17232 17232->17154 17235 7ff7de87087c WideCharToMultiByte 17233->17235 17237 7ff7de860dc3 17236->17237 17238 7ff7de860db1 17236->17238 17240 7ff7de860dd0 17237->17240 17244 7ff7de860e0d 17237->17244 17239 7ff7de864f78 _get_daylight 11 API calls 17238->17239 17241 7ff7de860db6 17239->17241 17242 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 17240->17242 17243 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17241->17243 17250 7ff7de860dc1 17242->17250 17243->17250 17245 7ff7de860eb6 17244->17245 17246 7ff7de864f78 _get_daylight 11 API calls 17244->17246 17247 7ff7de864f78 _get_daylight 11 API calls 17245->17247 17245->17250 17248 7ff7de860eab 17246->17248 17249 7ff7de860f60 17247->17249 17251 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17248->17251 17252 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17249->17252 17250->17125 17251->17245 17252->17250 17258 7ff7de86ecad 17253->17258 17254 7ff7de86ecb2 17255 7ff7de86524d 17254->17255 17256 7ff7de864f78 _get_daylight 11 API calls 17254->17256 17255->17097 17255->17104 17257 7ff7de86ecbc 17256->17257 17259 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17257->17259 17258->17254 17258->17255 17260 7ff7de86ecfc 17258->17260 17259->17255 17260->17255 17261 7ff7de864f78 _get_daylight 11 API calls 17260->17261 17261->17257 17263 7ff7de858823 __std_exception_destroy 17262->17263 17264 7ff7de8587a1 GetTokenInformation 17262->17264 17266 7ff7de85883c 17263->17266 17267 7ff7de858836 CloseHandle 17263->17267 17265 7ff7de8587c2 GetLastError 17264->17265 17268 7ff7de8587cd 17264->17268 17265->17263 17265->17268 17266->16244 17267->17266 17268->17263 17269 7ff7de8587e9 GetTokenInformation 17268->17269 17269->17263 17270 7ff7de85880c 17269->17270 17270->17263 17271 7ff7de858816 ConvertSidToStringSidW 17270->17271 17271->17263 17273 7ff7de85c8c0 17272->17273 17274 7ff7de852b74 GetCurrentProcessId 
17273->17274 17275 7ff7de8526b0 48 API calls 17274->17275 17276 7ff7de852bc7 17275->17276 17277 7ff7de864c48 48 API calls 17276->17277 17278 7ff7de852c10 MessageBoxW 17277->17278 17279 7ff7de85c5c0 _log10_special 8 API calls 17278->17279 17280 7ff7de852c40 17279->17280 17280->16254 17282 7ff7de8525e5 17281->17282 17283 7ff7de864c48 48 API calls 17282->17283 17284 7ff7de852604 17283->17284 17284->16270 17330 7ff7de868804 17285->17330 17289 7ff7de8581cc 17288->17289 17290 7ff7de859400 2 API calls 17289->17290 17291 7ff7de8581eb 17290->17291 17292 7ff7de8581f3 17291->17292 17293 7ff7de858206 ExpandEnvironmentStringsW 17291->17293 17294 7ff7de852810 49 API calls 17292->17294 17295 7ff7de85822c __std_exception_destroy 17293->17295 17296 7ff7de8581ff __std_exception_destroy 17294->17296 17297 7ff7de858243 17295->17297 17298 7ff7de858230 17295->17298 17300 7ff7de85c5c0 _log10_special 8 API calls 17296->17300 17302 7ff7de8582af 17297->17302 17304 7ff7de858251 GetDriveTypeW 17297->17304 17299 7ff7de852810 49 API calls 17298->17299 17299->17296 17371 7ff7de8715c8 17330->17371 17430 7ff7de871340 17371->17430 17451 7ff7de870348 EnterCriticalSection 17430->17451 17578 7ff7de85455a 17577->17578 17579 7ff7de859400 2 API calls 17578->17579 17580 7ff7de85457f 17579->17580 17581 7ff7de85c5c0 _log10_special 8 API calls 17580->17581 17582 7ff7de8545a7 17581->17582 17582->16296 17584 7ff7de857e1e 17583->17584 17585 7ff7de857f42 17584->17585 17586 7ff7de851c80 49 API calls 17584->17586 17587 7ff7de85c5c0 _log10_special 8 API calls 17585->17587 17591 7ff7de857ea5 17586->17591 17588 7ff7de857f73 17587->17588 17588->16296 17589 7ff7de851c80 49 API calls 17589->17591 17590 7ff7de854550 10 API calls 17590->17591 17591->17585 17591->17589 17591->17590 17592 7ff7de859400 2 API calls 17591->17592 17593 7ff7de857f13 CreateDirectoryW 17592->17593 17593->17585 17593->17591 17595 7ff7de851637 17594->17595 17596 7ff7de851613 17594->17596 17597 7ff7de8545b0 108 API calls 17595->17597 17715 
7ff7de851050 17596->17715 17599 7ff7de85164b 17597->17599 17601 7ff7de851653 17599->17601 17602 7ff7de851682 17599->17602 17600 7ff7de851618 17603 7ff7de85162e 17600->17603 17604 7ff7de852710 54 API calls 17600->17604 17605 7ff7de864f78 _get_daylight 11 API calls 17601->17605 17606 7ff7de8545b0 108 API calls 17602->17606 17603->16296 17604->17603 17607 7ff7de851658 17605->17607 17608 7ff7de851696 17606->17608 17609 7ff7de852910 54 API calls 17607->17609 17610 7ff7de85169e 17608->17610 17611 7ff7de8516b8 17608->17611 17613 7ff7de851671 17609->17613 17614 7ff7de852710 54 API calls 17610->17614 17612 7ff7de860744 73 API calls 17611->17612 17615 7ff7de8516cd 17612->17615 17613->16296 17616 7ff7de8516ae 17614->17616 17617 7ff7de8516f9 17615->17617 17618 7ff7de8516d1 17615->17618 17622 7ff7de8600bc 74 API calls 17616->17622 17620 7ff7de851717 17617->17620 17644 7ff7de85717b 17642->17644 17645 7ff7de857134 17642->17645 17644->16296 17645->17644 17779 7ff7de865094 17645->17779 17647 7ff7de854191 17646->17647 17648 7ff7de8544d0 49 API calls 17647->17648 17649 7ff7de8541cb 17648->17649 17650 7ff7de8544d0 49 API calls 17649->17650 17651 7ff7de8541db 17650->17651 17652 7ff7de85422c 17651->17652 17653 7ff7de8541fd 17651->17653 17655 7ff7de854100 51 API calls 17652->17655 17810 7ff7de854100 17653->17810 17656 7ff7de85422a 17655->17656 17657 7ff7de85428c 17656->17657 17658 7ff7de854257 17656->17658 17660 7ff7de854100 51 API calls 17657->17660 17817 7ff7de857ce0 17658->17817 17691 7ff7de851c80 49 API calls 17690->17691 17692 7ff7de854464 17691->17692 17692->16296 17716 7ff7de8545b0 108 API calls 17715->17716 17717 7ff7de85108c 17716->17717 17718 7ff7de8510a9 17717->17718 17719 7ff7de851094 17717->17719 17720 7ff7de860744 73 API calls 17718->17720 17721 7ff7de852710 54 API calls 17719->17721 17722 7ff7de8510bf 17720->17722 17727 7ff7de8510a4 __std_exception_destroy 17721->17727 17723 7ff7de8510c3 17722->17723 17724 7ff7de8510e6 17722->17724 17725 7ff7de864f78 _get_daylight 11 API 
calls 17723->17725 17729 7ff7de8510f7 17724->17729 17730 7ff7de851122 17724->17730 17726 7ff7de8510c8 17725->17726 17727->17600 17732 7ff7de864f78 _get_daylight 11 API calls 17729->17732 17731 7ff7de851129 17730->17731 17740 7ff7de85113c 17730->17740 17733 7ff7de851210 92 API calls 17731->17733 17734 7ff7de851100 17732->17734 17736 7ff7de8510e1 __std_exception_destroy 17733->17736 17739 7ff7de86040c _fread_nolock 53 API calls 17739->17740 17740->17736 17740->17739 17742 7ff7de8511ed 17740->17742 17780 7ff7de8650ce 17779->17780 17781 7ff7de8650a1 17779->17781 17782 7ff7de8650f1 17780->17782 17785 7ff7de86510d 17780->17785 17783 7ff7de864f78 _get_daylight 11 API calls 17781->17783 17790 7ff7de865058 17781->17790 17784 7ff7de864f78 _get_daylight 11 API calls 17782->17784 17786 7ff7de8650ab 17783->17786 17787 7ff7de8650f6 17784->17787 17794 7ff7de864fbc 17785->17794 17789 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17786->17789 17791 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17787->17791 17792 7ff7de8650b6 17789->17792 17790->17645 17793 7ff7de865101 17791->17793 17792->17645 17793->17645 17795 7ff7de864fe0 17794->17795 17801 7ff7de864fdb 17794->17801 17796 7ff7de86b1c0 __GetCurrentState 45 API calls 17795->17796 17795->17801 17797 7ff7de864ffb 17796->17797 17802 7ff7de86d9f4 17797->17802 17801->17793 17803 7ff7de86da09 17802->17803 17804 7ff7de86501e 17802->17804 17803->17804 17805 7ff7de873374 45 API calls 17803->17805 17806 7ff7de86da60 17804->17806 17805->17804 17811 7ff7de854126 17810->17811 17812 7ff7de8649f4 49 API calls 17811->17812 17813 7ff7de85414c 17812->17813 17875 7ff7de865f38 17873->17875 17874 7ff7de865f5e 17876 7ff7de864f78 _get_daylight 11 API calls 17874->17876 17875->17874 17878 7ff7de865f91 17875->17878 17877 7ff7de865f63 17876->17877 17879 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 17877->17879 17880 7ff7de865f97 17878->17880 17881 7ff7de865fa4 17878->17881 17884 7ff7de854606 17879->17884 17882 7ff7de864f78 _get_daylight 
11 API calls 17880->17882 17892 7ff7de86ac98 17881->17892 17882->17884 17884->16332 17905 7ff7de870348 EnterCriticalSection 17892->17905 18265 7ff7de867968 18264->18265 18268 7ff7de867444 18265->18268 18267 7ff7de867981 18267->16340 18269 7ff7de86748e 18268->18269 18270 7ff7de86745f 18268->18270 18278 7ff7de8654dc EnterCriticalSection 18269->18278 18271 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 18270->18271 18277 7ff7de86747f 18271->18277 18277->18267 18280 7ff7de85feb3 18279->18280 18282 7ff7de85fee1 18279->18282 18281 7ff7de86a884 _invalid_parameter_noinfo 37 API calls 18280->18281 18284 7ff7de85fed3 18281->18284 18282->18284 18289 7ff7de8654dc EnterCriticalSection 18282->18289 18284->16346 18291 7ff7de85cb62 RtlLookupFunctionEntry 18290->18291 18292 7ff7de85cb78 RtlVirtualUnwind 18291->18292 18293 7ff7de85c97b 18291->18293 18292->18291 18292->18293 18294 7ff7de85c910 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 18293->18294 18296 7ff7de8545b0 108 API calls 18295->18296 18297 7ff7de851493 18296->18297 18298 7ff7de85149b 18297->18298 18299 7ff7de8514bc 18297->18299 18300 7ff7de852710 54 API calls 18298->18300 18301 7ff7de860744 73 API calls 18299->18301 18302 7ff7de8514ab 18300->18302 18303 7ff7de8514d1 18301->18303 18302->16388 18304 7ff7de8514f8 18303->18304 18305 7ff7de8514d5 18303->18305 18308 7ff7de851508 18304->18308 18309 7ff7de851532 18304->18309 18306 7ff7de864f78 _get_daylight 11 API calls 18305->18306 18402 7ff7de856365 18401->18402 18403 7ff7de851c80 49 API calls 18402->18403 18404 7ff7de8563a1 18403->18404 18405 7ff7de8563cd 18404->18405 18406 7ff7de8563aa 18404->18406 18408 7ff7de854620 49 API calls 18405->18408 18407 7ff7de852710 54 API calls 18406->18407 18424 7ff7de8563c3 18407->18424 18409 7ff7de8563e5 18408->18409 18410 7ff7de856403 18409->18410 18413 7ff7de852710 54 API calls 18409->18413 18411 7ff7de854550 10 API calls 18410->18411 18414 7ff7de85640d 18411->18414 18412 7ff7de85c5c0 
_log10_special 8 API calls 18415 7ff7de85336e 18412->18415 18413->18410 18416 7ff7de85641b 18414->18416 18417 7ff7de859070 3 API calls 18414->18417 18415->16462 18432 7ff7de8564f0 18415->18432 18417->18416 18424->18412 18581 7ff7de8553f0 18432->18581 18691 7ff7de86b1c0 __GetCurrentState 45 API calls 18690->18691 18692 7ff7de86a451 18691->18692 18695 7ff7de86a574 18692->18695 18704 7ff7de8736c0 18695->18704 18730 7ff7de873678 18704->18730 18735 7ff7de870348 EnterCriticalSection 18730->18735 18793 7ff7de865698 18794 7ff7de8656cf 18793->18794 18795 7ff7de8656b2 18793->18795 18794->18795 18796 7ff7de8656e2 CreateFileW 18794->18796 18797 7ff7de864f58 _fread_nolock 11 API calls 18795->18797 18798 7ff7de86574c 18796->18798 18799 7ff7de865716 18796->18799 18800 7ff7de8656b7 18797->18800 18844 7ff7de865c74 18798->18844 18818 7ff7de8657ec GetFileType 18799->18818 18803 7ff7de864f78 _get_daylight 11 API calls 18800->18803 18806 7ff7de8656bf 18803->18806 18811 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 18806->18811 18807 7ff7de86572b CloseHandle 18813 7ff7de8656ca 18807->18813 18808 7ff7de865741 CloseHandle 18808->18813 18809 7ff7de865755 18814 7ff7de864eec _fread_nolock 11 API calls 18809->18814 18810 7ff7de865780 18865 7ff7de865a34 18810->18865 18811->18813 18817 7ff7de86575f 18814->18817 18817->18813 18819 7ff7de8658f7 18818->18819 18820 7ff7de86583a 18818->18820 18821 7ff7de8658ff 18819->18821 18822 7ff7de865921 18819->18822 18823 7ff7de865866 GetFileInformationByHandle 18820->18823 18828 7ff7de865b70 21 API calls 18820->18828 18824 7ff7de865903 18821->18824 18825 7ff7de865912 GetLastError 18821->18825 18827 7ff7de865944 PeekNamedPipe 18822->18827 18843 7ff7de8658e2 18822->18843 18823->18825 18826 7ff7de86588f 18823->18826 18829 7ff7de864f78 _get_daylight 11 API calls 18824->18829 18831 7ff7de864eec _fread_nolock 11 API calls 18825->18831 18830 7ff7de865a34 51 API calls 18826->18830 18827->18843 18832 7ff7de865854 18828->18832 18829->18843 18833 7ff7de86589a 
18830->18833 18831->18843 18832->18823 18832->18843 18882 7ff7de865994 18833->18882 18834 7ff7de85c5c0 _log10_special 8 API calls 18836 7ff7de865724 18834->18836 18836->18807 18836->18808 18838 7ff7de865994 10 API calls 18839 7ff7de8658b9 18838->18839 18840 7ff7de865994 10 API calls 18839->18840 18841 7ff7de8658ca 18840->18841 18842 7ff7de864f78 _get_daylight 11 API calls 18841->18842 18841->18843 18842->18843 18843->18834 18845 7ff7de865caa 18844->18845 18846 7ff7de864f78 _get_daylight 11 API calls 18845->18846 18864 7ff7de865d42 __std_exception_destroy 18845->18864 18848 7ff7de865cbc 18846->18848 18847 7ff7de85c5c0 _log10_special 8 API calls 18850 7ff7de865751 18847->18850 18849 7ff7de864f78 _get_daylight 11 API calls 18848->18849 18851 7ff7de865cc4 18849->18851 18850->18809 18850->18810 18852 7ff7de867e78 45 API calls 18851->18852 18853 7ff7de865cd9 18852->18853 18854 7ff7de865ceb 18853->18854 18855 7ff7de865ce1 18853->18855 18857 7ff7de864f78 _get_daylight 11 API calls 18854->18857 18856 7ff7de864f78 _get_daylight 11 API calls 18855->18856 18860 7ff7de865ce6 18856->18860 18858 7ff7de865cf0 18857->18858 18859 7ff7de864f78 _get_daylight 11 API calls 18858->18859 18858->18864 18861 7ff7de865cfa 18859->18861 18862 7ff7de865d34 GetDriveTypeW 18860->18862 18860->18864 18863 7ff7de867e78 45 API calls 18861->18863 18862->18864 18863->18860 18864->18847 18866 7ff7de865a5c 18865->18866 18874 7ff7de86578d 18866->18874 18889 7ff7de86f794 18866->18889 18868 7ff7de865af0 18869 7ff7de86f794 51 API calls 18868->18869 18868->18874 18870 7ff7de865b03 18869->18870 18871 7ff7de86f794 51 API calls 18870->18871 18870->18874 18872 7ff7de865b16 18871->18872 18873 7ff7de86f794 51 API calls 18872->18873 18872->18874 18873->18874 18875 7ff7de865b70 18874->18875 18876 7ff7de865b8a 18875->18876 18877 7ff7de865bc1 18876->18877 18878 7ff7de865b9a 18876->18878 18879 7ff7de86f628 21 API calls 18877->18879 18880 7ff7de864eec _fread_nolock 11 API calls 18878->18880 18881 7ff7de865baa 
18878->18881 18879->18881 18880->18881 18881->18817 18883 7ff7de8659bd FileTimeToSystemTime 18882->18883 18884 7ff7de8659b0 18882->18884 18885 7ff7de8659d1 SystemTimeToTzSpecificLocalTime 18883->18885 18886 7ff7de8659b8 18883->18886 18884->18883 18884->18886 18885->18886 18887 7ff7de85c5c0 _log10_special 8 API calls 18886->18887 18888 7ff7de8658a9 18887->18888 18888->18838 18890 7ff7de86f7c5 18889->18890 18891 7ff7de86f7a1 18889->18891 18893 7ff7de86f7ff 18890->18893 18896 7ff7de86f81e 18890->18896 18891->18890 18892 7ff7de86f7a6 18891->18892 18894 7ff7de864f78 _get_daylight 11 API calls 18892->18894 18895 7ff7de864f78 _get_daylight 11 API calls 18893->18895 18897 7ff7de86f7ab 18894->18897 18899 7ff7de86f804 18895->18899 18900 7ff7de864fbc 45 API calls 18896->18900 18898 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 18897->18898 18901 7ff7de86f7b6 18898->18901 18902 7ff7de86a950 _invalid_parameter_noinfo 37 API calls 18899->18902 18905 7ff7de86f82b 18900->18905 18901->18868 18903 7ff7de86f80f 18902->18903 18903->18868 18904 7ff7de87054c 51 API calls 18904->18905 18905->18903 18905->18904 19311 7ff7de871720 19322 7ff7de877454 19311->19322 19323 7ff7de877461 19322->19323 19324 7ff7de86a9b8 __free_lconv_mon 11 API calls 19323->19324 19325 7ff7de87747d 19323->19325 19324->19323 19326 7ff7de86a9b8 __free_lconv_mon 11 API calls 19325->19326 19327 7ff7de871729 19325->19327 19326->19325 19328 7ff7de870348 EnterCriticalSection 19327->19328 20579 7ff7de87ac53 20580 7ff7de87ac63 20579->20580 20583 7ff7de8654e8 LeaveCriticalSection 20580->20583 18906 7ff7de85bb50 18907 7ff7de85bb7e 18906->18907 18908 7ff7de85bb65 18906->18908 18908->18907 18910 7ff7de86d66c 12 API calls 18908->18910 18909 7ff7de85bbde 18910->18909 19345 7ff7de870938 19346 7ff7de87095c 19345->19346 19349 7ff7de87096c 19345->19349 19347 7ff7de864f78 _get_daylight 11 API calls 19346->19347 19370 7ff7de870961 19347->19370 19348 7ff7de870c4c 19350 7ff7de864f78 _get_daylight 11 API calls 19348->19350 
19349->19348 19351 7ff7de87098e 19349->19351 19352 7ff7de870c51 19350->19352 19353 7ff7de8709af 19351->19353 19476 7ff7de870ff4 19351->19476 19354 7ff7de86a9b8 __free_lconv_mon 11 API calls 19352->19354 19356 7ff7de870a21 19353->19356 19358 7ff7de8709d5 19353->19358 19362 7ff7de870a15 19353->19362 19354->19370 19360 7ff7de86ec08 _get_daylight 11 API calls 19356->19360 19375 7ff7de8709e4 19356->19375 19357 7ff7de870ace 19369 7ff7de870aeb 19357->19369 19376 7ff7de870b3d 19357->19376 19491 7ff7de869730 19358->19491 19363 7ff7de870a37 19360->19363 19362->19357 19362->19375 19497 7ff7de87719c 19362->19497 19366 7ff7de86a9b8 __free_lconv_mon 11 API calls 19363->19366 19365 7ff7de86a9b8 __free_lconv_mon 11 API calls 19365->19370 19371 7ff7de870a45 19366->19371 19367 7ff7de8709fd 19367->19362 19374 7ff7de870ff4 45 API calls 19367->19374 19368 7ff7de8709df 19372 7ff7de864f78 _get_daylight 11 API calls 19368->19372 19373 7ff7de86a9b8 __free_lconv_mon 11 API calls 19369->19373 19371->19362 19371->19375 19379 7ff7de86ec08 _get_daylight 11 API calls 19371->19379 19372->19375 19377 7ff7de870af4 19373->19377 19374->19362 19375->19365 19376->19375 19378 7ff7de87344c 40 API calls 19376->19378 19385 7ff7de870af9 19377->19385 19533 7ff7de87344c 19377->19533 19380 7ff7de870b7a 19378->19380 19382 7ff7de870a67 19379->19382 19383 7ff7de86a9b8 __free_lconv_mon 11 API calls 19380->19383 19388 7ff7de86a9b8 __free_lconv_mon 11 API calls 19382->19388 19384 7ff7de870b84 19383->19384 19384->19375 19384->19385 19386 7ff7de870c40 19385->19386 19391 7ff7de86ec08 _get_daylight 11 API calls 19385->19391 19390 7ff7de86a9b8 __free_lconv_mon 11 API calls 19386->19390 19387 7ff7de870b25 19389 7ff7de86a9b8 __free_lconv_mon 11 API calls 19387->19389 19388->19362 19389->19385 19390->19370 19392 7ff7de870bc8 19391->19392 19393 7ff7de870bd9 19392->19393 19394 7ff7de870bd0 19392->19394 19396 7ff7de86a514 __std_exception_copy 37 API calls 19393->19396 19395 7ff7de86a9b8 __free_lconv_mon 11 API calls 

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 7ff7de858bd0-7ff7de858d16 call 7ff7de85c8c0 call 7ff7de859400 SetConsoleCtrlHandler GetStartupInfoW call 7ff7de865460 call 7ff7de86a4ec call 7ff7de86878c call 7ff7de865460 call 7ff7de86a4ec call 7ff7de86878c call 7ff7de865460 call 7ff7de86a4ec call 7ff7de86878c GetCommandLineW CreateProcessW 23 7ff7de858d3d-7ff7de858d79 RegisterClassW 0->23 24 7ff7de858d18-7ff7de858d38 GetLastError call 7ff7de852c50 0->24 26 7ff7de858d7b GetLastError 23->26 27 7ff7de858d81-7ff7de858dd5 CreateWindowExW 23->27 31 7ff7de859029-7ff7de85904f call 7ff7de85c5c0 24->31 26->27 29 7ff7de858dd7-7ff7de858ddd GetLastError 27->29 30 7ff7de858ddf-7ff7de858de4 ShowWindow 27->30 32 7ff7de858dea-7ff7de858dfa WaitForSingleObject 29->32 30->32 34 7ff7de858dfc 32->34 35 7ff7de858e78-7ff7de858e7f 32->35 39 7ff7de858e00-7ff7de858e03 34->39 36 7ff7de858ec2-7ff7de858ec9 35->36 37 7ff7de858e81-7ff7de858e91 WaitForSingleObject 35->37 42 7ff7de858fb0-7ff7de858fc9 GetMessageW 36->42 43 7ff7de858ecf-7ff7de858ee5 QueryPerformanceFrequency QueryPerformanceCounter 36->43 40 7ff7de858fe8-7ff7de858ff2 37->40 41 7ff7de858e97-7ff7de858ea7 TerminateProcess 37->41 44 7ff7de858e0b-7ff7de858e12 39->44 45 7ff7de858e05 GetLastError 39->45 46 7ff7de858ff4-7ff7de858ffa DestroyWindow 40->46 47 7ff7de859001-7ff7de859025 GetExitCodeProcess CloseHandle * 2 40->47 48 7ff7de858ea9 GetLastError 41->48 49 7ff7de858eaf-7ff7de858ebd WaitForSingleObject 41->49 52 7ff7de858fcb-7ff7de858fd9 TranslateMessage DispatchMessageW 42->52 53 7ff7de858fdf-7ff7de858fe6 42->53 50 7ff7de858ef0-7ff7de858f28 MsgWaitForMultipleObjects PeekMessageW 43->50 44->37 51 7ff7de858e14-7ff7de858e31 PeekMessageW 44->51 45->44 46->47 47->31 48->49 49->40 54 7ff7de858f2a 50->54 55 7ff7de858f63-7ff7de858f6a 50->55 56 7ff7de858e33-7ff7de858e64 TranslateMessage DispatchMessageW PeekMessageW 51->56 57 7ff7de858e66-7ff7de858e76 WaitForSingleObject 51->57 52->53 53->40 53->42 58 7ff7de858f30-7ff7de858f61 TranslateMessage DispatchMessageW PeekMessageW 54->58 55->42 59 7ff7de858f6c-7ff7de858f95 QueryPerformanceCounter 55->59 56->56 56->57 57->35 57->39 58->55 58->58 59->50 60 7ff7de858f9b-7ff7de858fa2 59->60 60->40 61 7ff7de858fa4-7ff7de858fa8 60->61 61->42
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: aacfd791918e33314f0b271320ca5d97eca5e4d6361d81b7a956c317ec745998
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: 8ED17431A08B8286E711AF74E8542ADB762FF84758FD02237DA5D47AA4DF3CD5A4C720

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastModuleName
                                                                                                                                                                                          • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                          • API String ID: 2776309574-4232158417
                                                                                                                                                                                          • Opcode ID: 7c6149c83ec295aa3824364e4806b56b50599473bc5d4fd4de40d1ca8c577362
                                                                                                                                                                                          • Instruction ID: 0c972fccdd5ab0e24befdc8a2369378593f9cae6b0bd9e1f5f5cace45e88ef62
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c6149c83ec295aa3824364e4806b56b50599473bc5d4fd4de40d1ca8c577362
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C326D21A0C68291FB27FB2495543BDE6A1AF45784FC46837DA5D432DAEF2CE5B4C320

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875CB5
                                                                                                                                                                                            • Part of subcall function 00007FF7DE875608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DE87561C
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9CE
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A9B8: GetLastError.KERNEL32(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9D8
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7DE86A94F,?,?,?,?,?,00007FF7DE86A83A), ref: 00007FF7DE86A979
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7DE86A94F,?,?,?,?,?,00007FF7DE86A83A), ref: 00007FF7DE86A99E
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875CA4
                                                                                                                                                                                            • Part of subcall function 00007FF7DE875668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DE87567C
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875F1A
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875F2B
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875F3C
                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7DE87617C), ref: 00007FF7DE875F63
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                          • API String ID: 4070488512-239921721
                                                                                                                                                                                          • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                          • Instruction ID: 9fc58f23f2b051191b5c4bf6e53f91a299403c293e272d3a49fc01dd5506bb1e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                          • Instruction Fuzzy Hash: C9D1BF32E1864286E722BF21D8415BDB751FF44B84FC4A137EA8D47A95DF3CE4A28760

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                          • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                          • Instruction ID: 7ea33fa915385debcd0544e877e478bc7d045644471b320a9b556bc7fe734e3f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                          • Instruction Fuzzy Hash: B6C1D232B28A4285EB11EF65D4902AC7761FB49B98FC1623ADE6E577D4CF38D4A1C310

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875F1A
                                                                                                                                                                                            • Part of subcall function 00007FF7DE875668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DE87567C
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875F2B
                                                                                                                                                                                            • Part of subcall function 00007FF7DE875608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DE87561C
                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF7DE875F3C
                                                                                                                                                                                            • Part of subcall function 00007FF7DE875638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DE87564C
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9CE
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A9B8: GetLastError.KERNEL32(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9D8
                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7DE87617C), ref: 00007FF7DE875F63
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                                                          • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                          • Instruction ID: b6da3249154385b6e5fb601c3e647e6ee219bbb01d6295c7299911e00b04415b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9251B532E1864286E712FF61E8815ADF760FB48784FC46137DA8D43696DF3CE4A18760
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                          • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                          • Instruction ID: 21996421cb8e3602878c1d0c4ed83ae995fc47dc82e713eae290538b02ca207d
                                                                                                                                                                                          • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 42F0CD22618741C6F761AB94F4487AEB350FB44328FC42336D9BD02AD4DF3CD058CA10

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7DE857F80: _fread_nolock.LIBCMT ref: 00007FF7DE85802A
                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF7DE851A1B
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7DE851B6A), ref: 00007FF7DE85295E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                          • Opcode ID: f8096cce2067d15cebc3bdaacbdc60c8b6a2e1e4d6ea3146b715ff88ef4c1dca
                                                                                                                                                                                          • Instruction ID: 45545e8201761dc821a475b12984c422f2044e9fdfa13b7cbc52b39e42f710eb
                                                                                                                                                                                          • Opcode Fuzzy Hash: f8096cce2067d15cebc3bdaacbdc60c8b6a2e1e4d6ea3146b715ff88ef4c1dca
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A81D271A0CA8285EB22FB24D0442BDE3A1FF44785FC46437E98D47785DE3DE9A58B60

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                          • API String ID: 2050909247-1550345328
                                                                                                                                                                                          • Opcode ID: e33f210c217a6ffcc68d29fe46a5e37371bf7e5689aecd108357e4c1f5d99a01
                                                                                                                                                                                          • Instruction ID: 8a4b062b35998d9c808a81ccedbb3b934f37bf8d4e856f671c3026a18ef307ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: e33f210c217a6ffcc68d29fe46a5e37371bf7e5689aecd108357e4c1f5d99a01
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA51B321B08A4392EA12FB11A4005BDE3A2BF44799FC46537EE5C077D6DF3CE9A58760

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetTempPathW.KERNEL32(?,?,00000000,00007FF7DE853CBB), ref: 00007FF7DE8588F4
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00007FF7DE853CBB), ref: 00007FF7DE8588FA
                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00007FF7DE853CBB), ref: 00007FF7DE85893C
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858A20: GetEnvironmentVariableW.KERNEL32(00007FF7DE85388E), ref: 00007FF7DE858A57
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7DE858A79
                                                                                                                                                                                            • Part of subcall function 00007FF7DE8682A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DE8682C1
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852810: MessageBoxW.USER32 ref: 00007FF7DE8528EA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                          • API String ID: 3563477958-1339014028
                                                                                                                                                                                          • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                          • Instruction ID: fdf33a5ecd5d922e5c7c0e817c7b46657ffa65e519de1700349b665c5296beb7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4641D221B1964285FA22FB61A8552BDE391AF8A7C0FC02037ED0D577D6EE3CE565C720

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                                                          • Opcode ID: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                          • Instruction ID: 06352600d645b83c4880f2301fb6b9f513da239f660a8c56e40e6591f96de0f8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5203fde90a14cfca52878d148793ed0f56fa2f4a03ba52266beea290f2c18543
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A51F622A08A8285E662FB11A4103BEE292FF85795FC46137ED4D477D5EF3CE565C320

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF7DE853804), ref: 00007FF7DE8536E1
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE853804), ref: 00007FF7DE8536EB
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DE853706,?,00007FF7DE853804), ref: 00007FF7DE852C9E
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DE853706,?,00007FF7DE853804), ref: 00007FF7DE852D63
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852C50: MessageBoxW.USER32 ref: 00007FF7DE852D99
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                          • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                          • Instruction ID: e69e74e4c39c49b2e4f347c208db3dffab80ea28e38f644a89ab1b2cc11988e2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 11219561F1C64291FA23B724E8453BEA261BF48394FC02537E99D875E9EF2CE564C720

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 995526605-0

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858760: GetCurrentProcess.KERNEL32 ref: 00007FF7DE858780
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858760: OpenProcessToken.ADVAPI32 ref: 00007FF7DE858793
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858760: GetTokenInformation.KERNELBASE ref: 00007FF7DE8587B8
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858760: GetLastError.KERNEL32 ref: 00007FF7DE8587C2
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858760: GetTokenInformation.KERNELBASE ref: 00007FF7DE858802
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7DE85881E
                                                                                                                                                                                            • Part of subcall function 00007FF7DE858760: CloseHandle.KERNEL32 ref: 00007FF7DE858836
                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7DE853C55), ref: 00007FF7DE85916C
                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF7DE853C55), ref: 00007FF7DE859175
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                          • API String ID: 6828938-1529539262

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7DE85352C,?,00000000,00007FF7DE853F23), ref: 00007FF7DE857F22
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CreateDirectory
                                                                                                                                                                                          • String ID: %.*s$%s%c$\
                                                                                                                                                                                          • API String ID: 4241100979-1685191245
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DE86CFBB), ref: 00007FF7DE86D0EC
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DE86CFBB), ref: 00007FF7DE86D177
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                          • Opcode ID: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                          • Instruction ID: c3c0f2588e8b3eeba96508ec0841953fe9489a94f0d64899ffa5aa106fe42d77
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a0c598da5bacb08a65281ee6853743b6bc645484a6b27ddd69bc7d98502ecbe
                                                                                                                                                                                          • Instruction Fuzzy Hash: 99517032E086418AFB11EF71E4503BDB3A1BB44B58FD4683ADE4D57689DF38D4A18720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                          • Opcode ID: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                          • Instruction ID: 26ccb9452061568ecb6aadd26e7f88201fe019d354809061ca4b3add4c3b9a05
                                                                                                                                                                                          • Opcode Fuzzy Hash: 24238bc47b860f74abc13910c6a37bc7991964e3dbe0c30fb6d15975fbdc4001
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B41A232D1878283E311AB20951036DB360FB94764F90A73AEA9C07AD2DF6CA5F08720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                          • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                          • Instruction ID: 8cc5ca63a98cef51cf49e37f3f17ec7928bf614523821f3f85e544fdbad7874f
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                          • Instruction Fuzzy Hash: CA315C20E0864345FA57BB64D4513BEE7929F42784FC47437D94D9B2D3DE2CA864C670
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                          • Instruction ID: 2b91912db0ae556a9d567afccd0d61cf9856206f04667e622696eb1e54a6c558
                                                                                                                                                                                          • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                          • Instruction Fuzzy Hash: 39514831B096C186E73BBA25940067EE290BF46BA4FD4673ADE6C037E5CF3CD4218624
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                          • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                          • Instruction ID: cc3a4dafd665d959e1ed2c408434cd3942d4c24dfd950e3714716afcaa9cf2be
                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E11B271618A8181DA11BB25A80416DA362BB85BF4FD45336EE7D4B7E9CE3CD0618710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DE8658A9), ref: 00007FF7DE8659C7
                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7DE8658A9), ref: 00007FF7DE8659DD
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                                                          • Opcode ID: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                          • Instruction ID: 894f6e9ff7744fe5dcfea9a241ee565617ca4545af86d1c9007e21e9fc94b038
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3eb82881f56b5e10c0b4ae1229c4961d4f4fc58e8f6ff53d00dfea58f30bf4d5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C11943261C61281EB556B50A44117EF7A1FB84775FD0263BFA9D81AD4EF2CD064CB10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9CE
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9D8
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF7DE86AA45,?,?,00000000,00007FF7DE86AAFA), ref: 00007FF7DE86AC36
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7DE86AA45,?,?,00000000,00007FF7DE86AAFA), ref: 00007FF7DE86AC40
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                          • Instruction ID: 7105de4764cd8dbdfabb0a16352a1e287b8df5c68efd1f0b6484d6c2e8fbcfa7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                          • Instruction Fuzzy Hash: 95010871A0878140EA22FF525A0106DE691BF82FE4FC85636DE5C17BD6CE3CD4218314
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF7DE86B39A,?,?,?,00007FF7DE864F81,?,?,?,?,00007FF7DE86A4FA), ref: 00007FF7DE86EC5D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                          • Opcode ID: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                          • Instruction ID: f944fe5e1c172960848ba00ac4dae051bcb2970cc854157ec7ce43bc58f354c5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 359dceec71bad03d682dc04f56d48d79ef81111e86adbc932549883800f831e6
                                                                                                                                                                                          • Instruction Fuzzy Hash: EBF06D60B1970684FE577B6258917BDC2815F84B80FCC743ACD0E863D1DE1CF6A08230
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF7DE860D00,?,?,?,00007FF7DE86236A,?,?,?,?,?,00007FF7DE863B59), ref: 00007FF7DE86D6AA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                          • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                          • Instruction ID: c629dcd7267a2b8a6fc5ccabae616f4a8f125826341c58048d6fe9553395908e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                          • Instruction Fuzzy Hash: D3F05820F0930344FE6777A1580167CA2915F94BA0FC8623ADD2E8A3D2DE6CB4B08270
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE855830
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE855842
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE855879
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE85588B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE8558A4
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE8558B6
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE8558CF
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE8558E1
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE8558FD
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE85590F
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE85592B
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE85593D
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE855959
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE85596B
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE855987
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE855999
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE8559B5
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE8564BF,?,00007FF7DE85336E), ref: 00007FF7DE8559C7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                          • API String ID: 199729137-653951865
                                                                                                                                                                                          • Opcode ID: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                          • Instruction ID: 2f50ec135d256afa9ef0fab903b72197552bf29a93311e026b6d81e8e37ca542
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ca4f2c8e8fa74ff45c561f9825c8e8d27386d4e804e1314c270c66bff6859f6
                                                                                                                                                                                          • Instruction Fuzzy Hash: F7227464D0DB47D1FA57BB55A85417CA2A2BF08799BC57037C89E13360EF3CB9A88360
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                          • API String ID: 808467561-2761157908
                                                                                                                                                                                          • Opcode ID: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                          • Instruction ID: deaa4c032aa603d60b280bb0833a9400211ae5e1aa0f7315554c0e380b30ad7d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eb30dd7dc62229e37aa5031b27090d50e2656cb9eae334aa241f26caa9cb01e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FB20472F182828BE736AF64D4407FDB7A1FB54388FD02136DA4D57A84DB38A991CB50
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,00007FF7DE858B09,00007FF7DE853FA5), ref: 00007FF7DE85841B
                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7DE858B09,00007FF7DE853FA5), ref: 00007FF7DE85849E
                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00007FF7DE858B09,00007FF7DE853FA5), ref: 00007FF7DE8584BD
                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,00007FF7DE858B09,00007FF7DE853FA5), ref: 00007FF7DE8584CB
                                                                                                                                                                                          • FindClose.KERNEL32(?,00007FF7DE858B09,00007FF7DE853FA5), ref: 00007FF7DE8584DC
                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?,00007FF7DE858B09,00007FF7DE853FA5), ref: 00007FF7DE8584E5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                          • String ID: %s\*
                                                                                                                                                                                          • API String ID: 1057558799-766152087
                                                                                                                                                                                          • Opcode ID: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                          • Instruction ID: 791d7e2482623824ab72e9a07a33b7fcbccb8c1bc050fad4ed969ea853e1105d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 754801c57d3e7d892bd8d831a0c0450fb277ac1fd7854ad2b3e1f46bb6674256
                                                                                                                                                                                          • Instruction Fuzzy Hash: BF419321A0C94285EE22BB64E5885BDE3A1FF94754FC02633D99D436D4DF3CD95AC720
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                          • API String ID: 0-2665694366
                                                                                                                                                                                          • Opcode ID: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                          • Instruction ID: 102321cdb72a4aeb1ab41d3902b95cab0080341166b907664a9f11e7ed38f84c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 183baba8c618070380c74d0f680cff30a06716a401d1faaba0935d79222a4dc0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F523572A14AA68BE7A59F14C498B7E7BE9FB44344F81513AE64A837C0DF3CD850CB50
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                          • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                          • Instruction ID: e1e5dc8ff0b4bfb90078600cfaec874f220c618b7f57328e38950c692a19bca4
                                                                                                                                                                                          • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C317472619B818AEB61EF60E8403EEB361FB84708F84543ADA4D47B94EF3CD558C720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                          • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                          • Instruction ID: e62e9d200a192a18d3f1fedb95d3396beaaeeae65c9137fbe9bb9423b696f1a5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                          • Instruction Fuzzy Hash: D8319632618F8186DB61EF25E8402AEB3A5FB88758FD41136EA8D47B94EF3CC555CB10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                          • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                          • Instruction ID: 09546220ef3bfefc58d097ecd3ce8ea3d98540d45345391ce70049d3e9059bb2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                          • Instruction Fuzzy Hash: B5B1A422B1869241EA62BB6194003BDE791EB44BE5FD46137DEDD07F85EE3CE4A1C320
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                          • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                          • Instruction ID: 831da2aea91beb01da988a801fc831f4ec8ed193294f229abc0fc6e72712c333
                                                                                                                                                                                          • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 47114C22B14B058AEB00EB60E8442AD73A4FB19758F842E32DE6D477A4DF38D5A48350
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                          • API String ID: 0-1127688429
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: incorrect header check$invalid window size
                                                                                                                                                                                          • API String ID: 0-900081337
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                          • API String ID: 0-3030954782
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1010374628-0
                                                                                                                                                                                          • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                          • Instruction ID: 66d436bcfcc13a9caaa9a2251d624a54964b4bff4ab78e81e3a51ec7c9555b49
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7502B321E1DB8340FA57BB11A81067EE690AF45B90FD56637EDAD463D2DE3CB4A18330
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                                                          • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                          • Instruction ID: 0e6300878624425889153ac789caad07f8d955c1f1409229d71f6ea582f18142
                                                                                                                                                                                          • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DA13773A087C986EB22EF25A4007ADBB91EB64B84F84A036DE8D477C5DE3DD511C711
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: TMP
                                                                                                                                                                                          • API String ID: 3215553584-3125297090
                                                                                                                                                                                          • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                          • Instruction ID: bfeb8f34e38efb133d048ac6e05e8e4a2800fe7f03f05f780cd73444346b9b28
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                          • Instruction Fuzzy Hash: BD51C221F1864241FA6ABB26591127ED2916F84BC4FD8703EDE4E577D2EE3CE4624321
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                          • Opcode ID: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                          • Instruction ID: d86636a8e2086a50c9e759629aaae8af5deadecf9b8cd3ba1a860023de6a7b38
                                                                                                                                                                                          • Opcode Fuzzy Hash: 39e33fd4700d97162abc6aa121af668d241eeaeaed41ff08026f27548e358ff0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DB09220E17A02CAEA0A3B616C8621C62A6BF48701FD8113AC05D41330DE2C38F55720
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                          • Instruction ID: cd4b2eed764fcaba307db48eecd3edb5c7afbb70ba573ed539e6663e0c4ed582
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f2a1199bc68cddcf3b08423a19983f3afdde0c7e054ddf4c3f66946da216a90
                                                                                                                                                                                          • Instruction Fuzzy Hash: 98D1E872A0864246EB2BAE25805027DA3A0FF85B58FD4623FCE0D17795DF3DE861C760
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                          • Instruction ID: 2a0deaedb7690e77e65d770de181096685e56f9f1b6f74eeaa17419def73b19c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 069bb313382d3adaff5ac451a95cb3dd74dda88d5dd80987c9f0d361d468a953
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DC19D762181E08BD28AEB29E47947A73E1F78930DBD5506BEF8747685CB3CA414DB20
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                          • Instruction ID: 116a3649f5620f4a5ac165c916623c2ff2c6d771546e6b90e7acb032b40ba0b9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2617fd8e8f043c0917c6a56c5cabdca8b91b1cd744d59a3c82f21f331bc63c74
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BB19D72A08B8585E7669F29C05023CFBA0E74AB48FE4617ADB4E47395CF39D461C760
                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                          • Opcode ID: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                          • Instruction ID: 4698265fff7e1667cc69b2f97906404b471c72d260793be82179ea0bf4bb07ba
                                                                                                                                                                                          • Opcode Fuzzy Hash: b78332369169aed8be6dd13cc6d08ed8a401c1151d3c5d6e5b3c154adaf735d2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 26614E72F1C59246FB26B968804427DE681AF40760FD4223BD69F46AC5DF7DE8A0A720
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                          • Instruction ID: c38f26c14d5078d5cdd539211ab0ecb46768e0f646680dc2b0e2faf177de3a50
                                                                                                                                                                                          • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                          • Instruction Fuzzy Hash: E151CA36A18A5282E7659B28C04023CB3A1EB54F59FE4613ACE4C47795CF3AEC63C750
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                          • Instruction ID: 70f986258659cb559b477fb8dd0c0340eb1a09a6227d294c1690b887e53dfae6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7451A736A1865182E7259F29C04023CB3A0EB44F5AFE4613ACE4D57796DF3AE863C750
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                          • Instruction ID: 90fde4d9e3d62102169b140103ee7092cceb09d8e25a3a2022994b22f8c8c5ef
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                          • Instruction Fuzzy Hash: 26518572A1865186E7669B29D04023CF3A0FB54B58FE4617ACE4D177F4CB3AE863C750
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                          • Instruction ID: 9f22db10c147593113d469f5c441e9454542c32d22865945c0ed354e5dca3312
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                          • Instruction Fuzzy Hash: B451F936A1865185E7669B29C04033CB3A1EB45F59FE4603ACE4C27796CF3AEC63C790
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                          • Instruction ID: 091f93cd7f29df2ef9292fc6e6c0dba538e46de470c861ce62f95feb0c54b059
                                                                                                                                                                                          • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA51A636A1865285EB269B29C44023CF7B1EB54B58FE46176CE4C177A4CF3AEC63C750
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressErrorLastProc
                                                                                                                                                                                          • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                          • API String ID: 199729137-3427451314
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7DE859400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7DE8545E4,00000000,00007FF7DE851985), ref: 00007FF7DE859439
                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7DE8588A7,?,?,00000000,00007FF7DE853CBB), ref: 00007FF7DE85821C
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852810: MessageBoxW.USER32 ref: 00007FF7DE8528EA
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                          • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                          • String ID: Needs to remove its temporary files.
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                          • Opcode ID: 459c70ac1d7639bc8463e208505d68a8d1b4527688a9ba0853ea1617660c4a39
                                                                                                                                                                                          • Instruction ID: 2772ae5d946c239cc33853ffe6304f67ec57d6ec950586f8de20b43074be833f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 459c70ac1d7639bc8463e208505d68a8d1b4527688a9ba0853ea1617660c4a39
                                                                                                                                                                                          • Instruction Fuzzy Hash: B6419421B08A5282EA12FB12A8006BDE392FF45BC5FD46833ED4D07795DF3CE9658760
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                          • Opcode ID: 0b283387f8163d2c1451a1fd9c7ee0611bebd7135be36a4017c4ebfd3c397b14
                                                                                                                                                                                          • Instruction ID: ad04b79027fcc5c0dac446118ac627a64e2ff1ad8c43dab3e202af08438b6e17
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b283387f8163d2c1451a1fd9c7ee0611bebd7135be36a4017c4ebfd3c397b14
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2418E31A08A4285EA12FF6194406BDE392BF44798FC46837ED5D07B95DE3CE9658720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                          • Opcode ID: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                          • Instruction ID: 59f45996fb583bffebd2d4d8cd249859d9dffb820faa5eb8009629c1954c1f6e
                                                                                                                                                                                          • Opcode Fuzzy Hash: b3973e9ed2b821368333a922871466498bda8290f9160b5e7eff6497ccad0325
                                                                                                                                                                                          • Instruction Fuzzy Hash: 80D17F32A18B4186EB22EB65D8403ADB7A0FB45788FD02137EE4D57B95DF38E5A0C711
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7DE86F11A,?,?,000001864AA76948,00007FF7DE86ADC3,?,?,?,00007FF7DE86ACBA,?,?,?,00007FF7DE865FAE), ref: 00007FF7DE86EEFC
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7DE86F11A,?,?,000001864AA76948,00007FF7DE86ADC3,?,?,?,00007FF7DE86ACBA,?,?,?,00007FF7DE865FAE), ref: 00007FF7DE86EF08
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                          • Opcode ID: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                          • Instruction ID: c74ae569c6f1d8204ff3fbb06581b3c49daad38fa36989df5de1b07cea31e478
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2820b76ab0802fc58bac5aaef12ed6f6fffcf0c29b30edae647068643d5e49cf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E41F231B19B0241FA17FB16A80467DA392BF49B90FD8653BED1D47784EE3CE9658320
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DE853706,?,00007FF7DE853804), ref: 00007FF7DE852C9E
                                                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DE853706,?,00007FF7DE853804), ref: 00007FF7DE852D63
                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7DE852D99
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                          • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                          • API String ID: 3940978338-251083826
                                                                                                                                                                                          • Opcode ID: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                          • Instruction ID: ea975268b46ce83be5131c2b7cc3dc5143caded830cceb273cff45614971f551
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5cbcdbf458937bec5e084182eea0cc5ea1ed3b872b1d9e6a561cbd57b4752a27
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0331E522708B4142E622BB21A8442AFE6A2BF88BC8FC01137EF4D93759DE3CD556C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7DE85DFEA,?,?,?,00007FF7DE85DCDC,?,?,?,00007FF7DE85D8D9), ref: 00007FF7DE85DDBD
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7DE85DFEA,?,?,?,00007FF7DE85DCDC,?,?,?,00007FF7DE85D8D9), ref: 00007FF7DE85DDCB
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF7DE85DFEA,?,?,?,00007FF7DE85DCDC,?,?,?,00007FF7DE85D8D9), ref: 00007FF7DE85DDF5
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF7DE85DFEA,?,?,?,00007FF7DE85DCDC,?,?,?,00007FF7DE85D8D9), ref: 00007FF7DE85DE63
                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF7DE85DFEA,?,?,?,00007FF7DE85DCDC,?,?,?,00007FF7DE85D8D9), ref: 00007FF7DE85DE6F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                          • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                          • Instruction ID: 3c72f929d5567acd4c806cce3832eaae0d77df50e3d1b185e1767c72c11ef685
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                          • Instruction Fuzzy Hash: C6318521B19A82D5EE13FB02A80057EA395FF54BA4FE96536DD1D47394EF3CE4648320
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                                                          • Opcode ID: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                          • Instruction ID: fc02460895ecd8c69819283434e7eed5b671a7b8855b02f56d1318c1d9df5d9c
                                                                                                                                                                                          • Opcode Fuzzy Hash: c6b32316bfe7a0aff6899d53276924ef6fe1744c5bc58fcca4aca07baf8add6e
                                                                                                                                                                                          • Instruction Fuzzy Hash: B9417121A08A8691EA12FB20E5542FEE361FF54384FD01133EA9D43695EF3CE665C760
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7DE85351A,?,00000000,00007FF7DE853F23), ref: 00007FF7DE852AA0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                          • API String ID: 2050909247-2900015858
                                                                                                                                                                                          • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                          • Instruction ID: b24297bd21335cc333ac655c4d1eac86e8d71c3b7b0de587840fc0d8d657a6c1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                          • Instruction Fuzzy Hash: F321A132A18B8182E622AB50B8807EEA3A4FB887C4FC01137EE8C43659DF3CD555CB10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                          • Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                          • Instruction ID: 932f322d7f3dd2065a99bbecbad8bca89d4939be809f58d75e2c8bb37c53be99
                                                                                                                                                                                          • Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                          • Instruction Fuzzy Hash: B8217C30F0C64246FA6A7761969113DD1825F447A8FD0673ED93E07BD6DE2CE4608321
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                          • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                          • Instruction ID: 11db13d267e15dc0ceaf0ababb6c0198d6326a43d9e2c14faba963d595e91c4c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 30117531A18B4186E351AB52B89432DA2A1BB48FE4FC01235DD9D877A4DF7CD8648750
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF7DE859216), ref: 00007FF7DE858592
                                                                                                                                                                                          • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF7DE859216), ref: 00007FF7DE8585E9
                                                                                                                                                                                            • Part of subcall function 00007FF7DE859400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7DE8545E4,00000000,00007FF7DE851985), ref: 00007FF7DE859439
                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7DE859216), ref: 00007FF7DE858678
                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF7DE859216), ref: 00007FF7DE8586E4
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF7DE859216), ref: 00007FF7DE8586F5
                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00000000,00007FF7DE859216), ref: 00007FF7DE85870A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3462794448-0
                                                                                                                                                                                          • Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                          • Instruction ID: b04dc20fdfa4f3013b996f5232cd9ebf32ba3877d2bd38db0f534b8c924b1a41
                                                                                                                                                                                          • Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                          • Instruction Fuzzy Hash: E8419222B1968281EA32BB11A5456AEA395FF84BC4FC46137DF8D57B89DF3CD421C720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7DE864F81,?,?,?,?,00007FF7DE86A4FA,?,?,?,?,00007FF7DE8671FF), ref: 00007FF7DE86B347
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE864F81,?,?,?,?,00007FF7DE86A4FA,?,?,?,?,00007FF7DE8671FF), ref: 00007FF7DE86B37D
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE864F81,?,?,?,?,00007FF7DE86A4FA,?,?,?,?,00007FF7DE8671FF), ref: 00007FF7DE86B3AA
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE864F81,?,?,?,?,00007FF7DE86A4FA,?,?,?,?,00007FF7DE8671FF), ref: 00007FF7DE86B3BB
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE864F81,?,?,?,?,00007FF7DE86A4FA,?,?,?,?,00007FF7DE8671FF), ref: 00007FF7DE86B3CC
                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF7DE864F81,?,?,?,?,00007FF7DE86A4FA,?,?,?,?,00007FF7DE8671FF), ref: 00007FF7DE86B3E7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                          • Opcode ID: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                          • Instruction ID: 1c2deaed899822149a640c382cfef72baf6702ee4771b9c90d453853020ca403
                                                                                                                                                                                          • Opcode Fuzzy Hash: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                          • Instruction Fuzzy Hash: F5116030B0C64282FA5A7721A69113DE1825F447B8FD4673BED7E477E6DE2CE4618322
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7DE851B6A), ref: 00007FF7DE85295E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                          • API String ID: 2050909247-2962405886
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF7DE85918F,?,00007FF7DE853C55), ref: 00007FF7DE852BA0
                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF7DE852C2A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentMessageProcess
                                                                                                                                                                                          • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                          • API String ID: 1672936522-3797743490
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF7DE851B99), ref: 00007FF7DE852760
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                          • API String ID: 2050909247-1591803126
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF7DE86A613,?,?,00000000,00007FF7DE86A8AE,?,?,?,?,?,00007FF7DE86A83A), ref: 00007FF7DE86B41F
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE86A613,?,?,00000000,00007FF7DE86A8AE,?,?,?,?,?,00007FF7DE86A83A), ref: 00007FF7DE86B43E
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE86A613,?,?,00000000,00007FF7DE86A8AE,?,?,?,?,?,00007FF7DE86A83A), ref: 00007FF7DE86B466
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE86A613,?,?,00000000,00007FF7DE86A8AE,?,?,?,?,?,00007FF7DE86A83A), ref: 00007FF7DE86B477
                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF7DE86A613,?,?,00000000,00007FF7DE86A8AE,?,?,?,?,?,00007FF7DE86A83A), ref: 00007FF7DE86B488
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                          • Opcode ID: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                          • Instruction ID: 4f525975392d46404b0053a942aec792e0a72a787059b4c0dbd031b2969088b4
                                                                                                                                                                                          • Opcode Fuzzy Hash: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                          • Instruction Fuzzy Hash: E7115130F0C64242FA5AB725AA9117DE1425F447B8FD4A33EE97D476D6DE2CF4218322
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                          • Opcode ID: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                          • Instruction ID: 6ba245ef06d17eabd1647db2ffaff4e308af88ce0b417aea35d3a946883a4d66
                                                                                                                                                                                          • Opcode Fuzzy Hash: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                          • Instruction Fuzzy Hash: C1112A30F0820746FAAA7661999127E92824F45338FD4773ED93E4A2E3DE2CB4214232
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                          • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                          • Instruction ID: ae7472c374550b9e07603c59bc92975dfd41d95991ba033c910eb6d47e9ffc2b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6791D232A08A8685F762AF25D45037DB3A1AB40B94FC4613BDA5F473C5DF3CE4659321
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                          • Opcode ID: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                          • Instruction ID: 23d103834c2d620cad96befe8a05ac79ac8dc6e416be6d1e97708e41cd63f241
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ea7f6e1ba59c177a711b7ec70ee344f27d005a52efb2894dd87f7f788f8515e
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE81A232E0864285F7676F29C15027CBAA0AF11B48FD5603FDA099B799DF2DF9318361
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                          • API String ID: 2395640692-1018135373
                                                                                                                                                                                          • Opcode ID: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                          • Instruction ID: fd90b77836e7788a4c42a5fc212a51c2b3278ae08f001c43f2f33b666f22c2ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                          • Instruction Fuzzy Hash: FA51D332B196828ADB16EB15E044A3EB391EB84B98FD05536DE5E437C4DF3CE861C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                          • Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                          • Instruction ID: 467e63ed133cb5aae6241a9173e4b4b4107057bd5139b8e335d94fbfe2037c3e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                          • Instruction Fuzzy Hash: BB619132908BC585E762EB15E4407AEF7A0FB85B84F845226EB9C07B95DF7CD1A4CB10
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                          • Opcode ID: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                          • Instruction ID: 60723561d1b81001db107f1010bca464a9ba2bfb5a5e14cfe666b0d32dd4d889
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60517D3290838286EA75AF21D54427CB7A0FB54B98FD46237EA9D47B95CF3CE460C711
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                          • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                          • API String ID: 2030045667-255084403
                                                                                                                                                                                          • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                          • Instruction ID: 5885436dda37efdf9fb5fbce29ed0b2f4276d47c1edcbacb9e92bf4ca1b410a1
                                                                                                                                                                                          • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5221BF72B08B4182E612AB54B8447EEB7A1FB88784FC01136EE8D53755DE3CD665C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                          • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                          • Instruction ID: c1f41f11ca73ac13c2409c39cec024fb25fc94eb39bbae074427eeb2cf69112b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DD13772B18A8089E712EF75D4401AC77B2FB44798BC0923ADE5D97B99DE38D026C350
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                          • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                          • Instruction ID: e541af3533fb6fa93f4e9fff82a00161cb39405596f1d0ec2eee72f2ed587e17
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                          • Instruction Fuzzy Hash: 28110C21F0C15242F656B769E64827ED263EF84780FC86032DB4907B89CD3DE8F18210
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                          • Opcode ID: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                          • Instruction ID: 392c89b71121515ba401de48c1b8d20f02f1ab5effe265a5eb46dc35d01f756e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                          • Instruction Fuzzy Hash: D1410822A0C78246FB26BB25940177EF650EB90BA4FD45236EE9D06AD5DE3CD4E2C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7DE8690B6
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9CE
                                                                                                                                                                                            • Part of subcall function 00007FF7DE86A9B8: GetLastError.KERNEL32(?,?,?,00007FF7DE872D92,?,?,?,00007FF7DE872DCF,?,?,00000000,00007FF7DE873295,?,?,?,00007FF7DE8731C7), ref: 00007FF7DE86A9D8
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7DE85CC15), ref: 00007FF7DE8690D4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\Cb89Ti1Mib.exe
                                                                                                                                                                                          • API String ID: 3580290477-2760175178
                                                                                                                                                                                          • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                          • Instruction ID: 95b97efc72d04c2087fcf4235f039845772ef2be245022891e8aa2ff28d84e7b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F418232A08B5285EB16FF25A8401BDE3A5EF447D4BE5603BE94D47B85DE3CE4A18360
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                          • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                          • Instruction ID: 6e71eacf0c47865999dd46fccdcaf1ed0085bce28ccc16460586e059771d43ce
                                                                                                                                                                                          • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8141C532B18A8181DB22EF25E4443ADA7A1FB88794FC05036EE4D97B98EF3CD451CB50
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                          • Opcode ID: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                          • Instruction ID: 8d35289d51c7d541d29d475390cd5c6ba369d8b9dd14e3405892858b8f06d6e6
                                                                                                                                                                                          • Opcode Fuzzy Hash: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1921F832A0868182FB25AF11E44426DB3B2FB84B48FD5503BDA8D43694DF7CE955CB60
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                          • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                          • Instruction ID: d7a9df1249cc5a284fa74849bce168ac8809ab490e9dddde398e31381ad5c4fb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C112E32619B8182EB629F15F44026DB7E5FB88B88F985231DACD07B59DF3CD5618B00
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.2616937406.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000000.00000002.2616904730.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2616979563.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617005723.00007FF7DE892000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2617085080.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                          • API String ID: 2595371189-336475711
                                                                                                                                                                                          • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                          • Instruction ID: 2f49a8f5fe917a3249f6970c3c47e2d8005d722b50b51a7b1aa7c5c847b249a2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                          • Instruction Fuzzy Hash: AD01842291864385F722BF60946527EA3A0FF44748FD02037D59D42691DF3DE5648A34
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Module_$Constant$ObjectString$Err_$DeallocExceptionFrom$Capsule_ExitFormatLongLong_MallocMem_MetaclassStartupTypeType_Unsigned
                                                                                                                                                                                          • String ID: 00000000-0000-0000-0000-000000000000$00:00:00:00:00:00$00:00:00:FF:FF:FF$90DB8B89-0D35-4F79-8CE9-49EA0AC8B7CD$A42E7CDA-D03F-480C-9CC2-A4DE20ABB878$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_HYPERV$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$E0E16197-DD56-4A10-9195-5EE7A155A838$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$HVSOCKET_ADDRESS_FLAG_PASSTHRU$HVSOCKET_CONNECTED_SUSPEND$HVSOCKET_CONNECT_TIMEOUT$HVSOCKET_CONNECT_TIMEOUT_MAX$HV_GUID_BROADCAST$HV_GUID_CHILDREN$HV_GUID_LOOPBACK$HV_GUID_PARENT$HV_GUID_WILDCARD$HV_GUID_ZERO$HV_PROTOCOL_RAW$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_ADD_SOURCE_MEMBERSHIP$IP_BLOCK_SOURCE$IP_DROP_MEMBERSHIP$IP_DROP_SOURCE_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_PKTINFO$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$
IP_TTL$IP_UNBLOCK_SOURCE$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket.gaierror$socket.herror$timeout
                                                                                                                                                                                          • API String ID: 585143114-1188461360
                                                                                                                                                                                          • Opcode ID: 7ce75d0e8ce51beaa5017a69f1cafd12c0347cf952baad51f27e7ce9e03ee791
                                                                                                                                                                                          • Instruction ID: d7db3013010d08cd3cd2fc8750f0110bd42110f4eb9ef0e5e45a4bb69502f3db
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ce75d0e8ce51beaa5017a69f1cafd12c0347cf952baad51f27e7ce9e03ee791
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DC2F65CF1875369FB008F26E8562BD27747FA5BC1F429035C92E866E4EE6DE229C340

Control-flow Graph: [graph not reproduced; legend: Executed / Not Executed]
Strings
Memory Dump Source
• Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: d02545141998fec8b25848ae1ed1df906e7abc4b971c3e4ab34b798fb2006b6e
• Instruction ID: 0c972fccdd5ab0e24befdc8a2369378593f9cae6b0bd9e1f5f5cace45e88ef62
• Opcode Fuzzy Hash: d02545141998fec8b25848ae1ed1df906e7abc4b971c3e4ab34b798fb2006b6e
• Instruction Fuzzy Hash: 0C326D21A0C68291FB27FB2495543BDE6A1AF45784FC46837DA5D432DAEF2CE5B4C320
APIs
Memory Dump Source
• Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
• Instruction ID: 7ea33fa915385debcd0544e877e478bc7d045644471b320a9b556bc7fe734e3f
• Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
• Instruction Fuzzy Hash: B6C1D232B28A4285EB11EF65D4902AC7761FB49B98FC1623ADE6E577D4CF38D4A1C310
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
• String ID: bind$socket.bind
• API String ID: 1695574521-187351271
• Opcode ID: 77259c4cc41cffc2c3f1a4c23cf7c52fadd24801fbce19dc13b5509f2f44b2df
• Instruction ID: 5e00648d4292ed185fed32f606cb3051138db690fedc3b8b61ef4d885102d229
• Opcode Fuzzy Hash: 77259c4cc41cffc2c3f1a4c23cf7c52fadd24801fbce19dc13b5509f2f44b2df
• Instruction Fuzzy Hash: 10111D29A08B8296FB209B15F4423AE7374FBA87C0F560136DA6D47B94DF2CE4648700
APIs
Memory Dump Source
• Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
• Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
• Instruction ID: 21996421cb8e3602878c1d0c4ed83ae995fc47dc82e713eae290538b02ca207d
• Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
• Instruction Fuzzy Hash: 42F0CD22618741C6F761AB94F4487AEB350FB44328FC42336D9BD02AD4DF3CD058CA10
APIs
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: recv
• String ID:
• API String ID: 1507349165-0
• Opcode ID: 99e5f51573d728835275b842b7b463659f533cb3bd81800f4d5850c3710a3088
• Instruction ID: 4f49085c4d3bd631c04b0923acc6c4a7611cff18e12e7f3f7eee10505ef208c2
• Opcode Fuzzy Hash: 99e5f51573d728835275b842b7b463659f533cb3bd81800f4d5850c3710a3088
• Instruction Fuzzy Hash: 79E04FF6E14A8582EB249B56E4412A87361F759FB4F245721CA380B3D0DE38D4F1C740

Control-flow Graph

• Executed
• Not Executed
[Control-flow graph: first node 214 at 7ff8e83b12d0-7ff8e83b1789 (PyModule_AddStringConstant, PyModule_AddIntConstant * 53); later nodes call PyModule_AddIntConstant * 15 and PyModule_AddObject.]
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Module_$Constant$Object$Long$FromLong_StringUnsigned
• String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$ALERT_DESCRIPTION_ACCESS_DENIED$ALERT_DESCRIPTION_BAD_CERTIFICATE$ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE$ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE$ALERT_DESCRIPTION_BAD_RECORD_MAC$ALERT_DESCRIPTION_CERTIFICATE_EXPIRED$ALERT_DESCRIPTION_CERTIFICATE_REVOKED$ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN$ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE$ALERT_DESCRIPTION_CLOSE_NOTIFY$ALERT_DESCRIPTION_DECODE_ERROR$ALERT_DESCRIPTION_DECOMPRESSION_FAILURE$ALERT_DESCRIPTION_DECRYPT_ERROR$ALERT_DESCRIPTION_HANDSHAKE_FAILURE$ALERT_DESCRIPTION_ILLEGAL_PARAMETER$ALERT_DESCRIPTION_INSUFFICIENT_SECURITY$ALERT_DESCRIPTION_INTERNAL_ERROR$ALERT_DESCRIPTION_NO_RENEGOTIATION$ALERT_DESCRIPTION_PROTOCOL_VERSION$ALERT_DESCRIPTION_RECORD_OVERFLOW$ALERT_DESCRIPTION_UNEXPECTED_MESSAGE$ALERT_DESCRIPTION_UNKNOWN_CA$ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY$ALERT_DESCRIPTION_UNRECOGNIZED_NAME$ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE$ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION$ALERT_DESCRIPTION_USER_CANCELLED$CERT_NONE$CERT_OPTIONAL$CERT_REQUIRED$ENCODING_DER$ENCODING_PEM$HAS_ALPN$HAS_ECDH$HAS_NPN$HAS_SNI$HAS_SSLv2$HAS_SSLv3$HAS_TLS_UNIQUE$HAS_TLSv1$HAS_TLSv1_1$HAS_TLSv1_2$HAS_TLSv1_3$HOSTFLAG_ALWAYS_CHECK_SUBJECT$HOSTFLAG_MULTI_LABEL_WILDCARDS$HOSTFLAG_NEVER_CHECK_SUBJECT$HOSTFLAG_NO_PARTIAL_WILDCARDS$HOSTFLAG_NO_WILDCARDS$HOSTFLAG_SINGLE_LABEL_SUBDOMAINS$OP_ALL$OP_CIPHER_SERVER_PREFERENCE$OP_ENABLE_KTLS$OP_ENABLE_MIDDLEBOX_COMPAT$OP_IGNORE_UNEXPECTED_EOF$OP_LEGACY_SERVER_CONNECT$OP_NO_COMPRESSION$OP_NO_RENEGOTIATION$OP_NO_SSLv2$OP_NO_SSLv3$OP_NO_TICKET$OP_NO_TLSv1$OP_NO_TLSv1_1$OP_NO_TLSv1_2$OP_NO_TLSv1_3$OP_SINGLE_DH_USE$OP_SINGLE_ECDH_USE$PROTOCOL_SSLv23$PROTOCOL_TLS$PROTOCOL_TLS_CLIENT$PROTOCOL_TLS_SERVER$PROTOCOL_TLSv1$PROTOCOL_TLSv1_1$PROTOCOL_TLSv1_2$PROTO_MAXIMUM_SUPPORTED$PROTO_MINIMUM_SUPPORTED$PROTO_SSLv3$PROTO_TLSv1$PROTO_TLSv1_1$PROTO_TLSv1_2$PROTO_TLSv1_3$SSL_ERROR_EOF$SSL_ERROR_INVALID_ERROR_CODE$SSL_ERROR_SSL$SSL_ERROR_SYSCALL$SSL_ERROR_WANT_CONNECT$SSL_ERROR_WANT_READ$SSL_ERROR_WANT_WRITE$SSL_ERROR_WANT_X509_LOOKUP$SSL_ERROR_ZERO_RETURN$VERIFY_ALLOW_PROXY_CERTS$VERIFY_CRL_CHECK_CHAIN$VERIFY_CRL_CHECK_LEAF$VERIFY_DEFAULT$VERIFY_X509_PARTIAL_CHAIN$VERIFY_X509_STRICT$VERIFY_X509_TRUSTED_FIRST$_DEFAULT_CIPHERS
• API String ID: 1939824370-504456051
• Opcode ID: 0ab5882b645d196668cfbdaafc9e56c2920c00e31564e3fb9250118e273e4c0c
• Instruction ID: 2fba84f87a59d710a875e0f9434caeeae6157bb364a513e14cc133af68c732e6
• Opcode Fuzzy Hash: 0ab5882b645d196668cfbdaafc9e56c2920c00e31564e3fb9250118e273e4c0c
• Instruction Fuzzy Hash: 4F320CE4F18B1399FA099B99E8503BC2750AF29BE2F485435CC0E46760DFBDE944C70A

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$Buffer_DeallocExceptionMatchesUnicode_$BufferConverterEval_Object_ReleaseStringThread_errno$CheckContiguousErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
                                                                                                                                                                                          • String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path
                                                                                                                                                                                          • API String ID: 3554890122-3904065072
                                                                                                                                                                                          • Opcode ID: 7c0e50c5d797ef638d39eef09b1b159086aa94cba534aa7ea738b7df414c95bc
                                                                                                                                                                                          • Instruction ID: d0f83115e26c88073855299ab278d6cdcaf10efe383ab8c8b845986208f787f6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c0e50c5d797ef638d39eef09b1b159086aa94cba534aa7ea738b7df414c95bc
                                                                                                                                                                                          • Instruction Fuzzy Hash: C68130A5A09A0289EB559FA6D8543BD23A1BF64BD5F4C4032CD0E57A94DF7CEC44C30A

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_$ErrorFormatFromHandleInformationLastLong_ModuleOccurredStringType_Windowsclosesocketgetsocknamegetsockoptmemset
                                                                                                                                                                                          • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                                                                                                                                                                          • API String ID: 3363282672-2881308447
                                                                                                                                                                                          • Opcode ID: 04267ebc9d147e07de267a693846aa419f582f40a8f4303f6ede1e2826baac7f
                                                                                                                                                                                          • Instruction ID: 52c2c90eaeb39ad144f72f140bdc0fb4a6383788a4b12875b59b16f947520453
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04267ebc9d147e07de267a693846aa419f582f40a8f4303f6ede1e2826baac7f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 16B18369A09A819AF7108B29D4062BD7370FBA5BE4F055335DE7D136E1EF3CE5A48700

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Threadfreeaddrinfo$RestoreSavegetaddrinfoinet_ptonmemcpystrcmp$Err_Stringstrchr
                                                                                                                                                                                          • String ID: 255.255.255.255$<broadcast>$address family mismatched$unknown address family$unsupported address family$wildcard resolved to multiple address
                                                                                                                                                                                          • API String ID: 535957624-1715193308
                                                                                                                                                                                          • Opcode ID: 3e1fadc93af86178a50d3d60021f601abebfc86c63a0e854bf59a6fc3dcfe964
                                                                                                                                                                                          • Instruction ID: 918bc7b306c790a21b7c811f20b5b0a61e04af679918754b64b71a94fd95830d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e1fadc93af86178a50d3d60021f601abebfc86c63a0e854bf59a6fc3dcfe964
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8871B669A087429AF7608F25A4422BE73B0FBA8BC4F524235DE6D436D5DF3CE5A1C740

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623234094.00007FF8E8381000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8E8380000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623216548.00007FF8E8380000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623259808.00007FF8E8395000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623276956.00007FF8E839B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623296618.00007FF8E839F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e8380000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                                                                                                                                          • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                                                                                                                                          • API String ID: 3630264407-438398067
                                                                                                                                                                                          • Opcode ID: eb0495fba2b9f8bae62f291a83bce40592bd6c5b3399fe437b91431e8b785962
                                                                                                                                                                                          • Instruction ID: 3362a0815a62c555d3ee0ecc6832c7432696d6f1ba42c1020a299688d9865771
                                                                                                                                                                                          • Opcode Fuzzy Hash: eb0495fba2b9f8bae62f291a83bce40592bd6c5b3399fe437b91431e8b785962
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E516032A08A8285EA149FD1E94437D63A1BB69FD5F4C4131CE4D43B98DF3DE095C30A

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$Eval_Thread$Err_$CheckDeadline_RestoreSaveSignals$InitStringTime_Timeval_clampselect
                                                                                                                                                                                          • String ID: timed out
                                                                                                                                                                                          • API String ID: 497267021-3163636755
                                                                                                                                                                                          • Opcode ID: 8048b4ae316fdf912cb11b0f3ce4ab9d7ecbb7bf006f07ec21ad1d61a967340c
                                                                                                                                                                                          • Instruction ID: c83e22c8f9ca0ba82e5437de8d2a884b6e7f64d2e39be58bae51a1bcccda28f7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8048b4ae316fdf912cb11b0f3ce4ab9d7ecbb7bf006f07ec21ad1d61a967340c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78419029E0D6439EFB255B65A4472BE62B0AFB4BE4F160130CD7D827D4DF3CE8A58600

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                                                                                                                                                                          • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                                                                                                                                                                          • API String ID: 418579395-1608436615
                                                                                                                                                                                          • Opcode ID: 00bb59efab9f7172e8937e6f66c8eab6ad29b02b98a3246fc78355982980a26d
                                                                                                                                                                                          • Instruction ID: 135adeed0a80893070466080beac4d44075c970b7ffd9a9bcb9420394a3589bb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 00bb59efab9f7172e8937e6f66c8eab6ad29b02b98a3246fc78355982980a26d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F411C3960CA869AFB208F21E4416AE7371FB98BD4F510232DA6D43BA4DF3CD568C740

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                                                                                                                                                                          • String ID: socket.gethostname
                                                                                                                                                                                          • API String ID: 1075394898-2650736202
                                                                                                                                                                                          • Opcode ID: 3405576d76487752179143ca9e9ce24f0a64481455d61518cebafc033de9272a
                                                                                                                                                                                          • Instruction ID: f4c119238c4ab65ea35895d93e5cde6e26e3b454c91336172863bd16fc36a187
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3405576d76487752179143ca9e9ce24f0a64481455d61518cebafc033de9272a
                                                                                                                                                                                          • Instruction Fuzzy Hash: D5316429B0CA429AF7648B21A81627E73B5FFE8BC4F460139D96F426D4DF3CE424C600

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7DE857F80: _fread_nolock.LIBCMT ref: 00007FF7DE85802A
                                                                                                                                                                                          • _fread_nolock.LIBCMT ref: 00007FF7DE851A1B
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF7DE851B6A), ref: 00007FF7DE85295E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 2397952137-3497178890
                                                                                                                                                                                          • Opcode ID: 2905f55c1a3c8d4e6aa49aeeb86a9490fcb65926af6803c34ddd16b54d0a65e3
                                                                                                                                                                                          • Instruction ID: 45545e8201761dc821a475b12984c422f2044e9fdfa13b7cbc52b39e42f710eb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2905f55c1a3c8d4e6aa49aeeb86a9490fcb65926af6803c34ddd16b54d0a65e3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A81D271A0CA8285EB22FB24D0442BDE3A1FF44785FC46437E98D47785DE3DE9A58B60

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623234094.00007FF8E8381000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8E8380000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623216548.00007FF8E8380000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623259808.00007FF8E8395000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623276956.00007FF8E839B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623296618.00007FF8E839F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e8380000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2745024575-0
                                                                                                                                                                                          • Opcode ID: 0f2eb5f35846a8456c7112da878c6113124e833643e34b0ec4b928e486e0026e
                                                                                                                                                                                          • Instruction ID: 6fdfa8d96250b42e8c2444c2b7b9db56e310ce18ca5a2ba8e516a6fcd355a5a1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f2eb5f35846a8456c7112da878c6113124e833643e34b0ec4b928e486e0026e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E71D535D0EE06C9FA558FE4AD4433C73E9AFA4BD5F1C8931C94D416A8DFADA441830A

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                          • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                          • Instruction ID: 9fa6d8ae8eec6973404e6e28a265890e5a12ffe9984478b14161b43d5ea052fb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B5117266047A186D634AF22B4181BEF7A2F798B65F404132EFCE43694DF3CD095CB20

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_Release$Arg_Err_FromKeywords_Long_ParseSizeSsize_tStringTuple
                                                                                                                                                                                          • String ID: buffer too small for requested bytes$negative buffersize in recv_into$w*|ni:recv_into
                                                                                                                                                                                          • API String ID: 1544103690-1758107600
                                                                                                                                                                                          • Opcode ID: 88c5d2ec2c174252b109fdaf4ece7b42052e1bc462625fef769cf62ac7aff941
                                                                                                                                                                                          • Instruction ID: a46ad5049e2cf05200bb35f08c3bd2f390603a64e5ff5d591bdc4669f7d5b4e7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 88c5d2ec2c174252b109fdaf4ece7b42052e1bc462625fef769cf62ac7aff941
                                                                                                                                                                                          • Instruction Fuzzy Hash: 85213C69A08B42A5FB158B55E4412BD7371BFA97D0F821036D96E836D0DF2CE568C701

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_Err_Release$Arg_CheckDeadline_ParseSignalsSizeStringTuple_
                                                                                                                                                                                          • String ID: timed out$y*|i:sendall
                                                                                                                                                                                          • API String ID: 1463051379-3431350491
                                                                                                                                                                                          • Opcode ID: 0d5e43f192a68e1f83a1e47ab96415c64762856c266b881d83d306cb4f712184
                                                                                                                                                                                          • Instruction ID: 00791cc49d6caf8eb8302c7f2c4d6f2914cd9372b3fa9986ff0c4dc7e14d6e91
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d5e43f192a68e1f83a1e47ab96415c64762856c266b881d83d306cb4f712184
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B415D3AA08A8299F7218F16E8412AE73B1FB94BD4F455036DE6E43B94DF3CE455C700

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_KeywordsObject_SizeTrueUnicode_Unpack
                                                                                                                                                                                          • String ID: argument 'txt'$embedded null character$str$txt2obj
                                                                                                                                                                                          • API String ID: 3371007025-2001486153
                                                                                                                                                                                          • Opcode ID: ba8e0275eb7ae53edb31ef97c2f8e1e5acff8c5ed8bf0fbbc7c7392eccbb918b
                                                                                                                                                                                          • Instruction ID: c9dc7f78d884482b06f336b91f3966e5675b186882e15d6de62ef5f2a9aa431b
                                                                                                                                                                                          • Opcode Fuzzy Hash: ba8e0275eb7ae53edb31ef97c2f8e1e5acff8c5ed8bf0fbbc7c7392eccbb918b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6931D3A2A0CA8299EB219B55E8103BE63A0FFA4BD0F4C4135CE4E47795DF7CD845C309
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                          • API String ID: 2050909247-3659356012
                                                                                                                                                                                          • Opcode ID: 28a6f876c22af074ecfc829ed6d8f7a905ecd056a4d8023b873648686097d9e3
                                                                                                                                                                                          • Instruction ID: ad04b79027fcc5c0dac446118ac627a64e2ff1ad8c43dab3e202af08438b6e17
                                                                                                                                                                                          • Opcode Fuzzy Hash: 28a6f876c22af074ecfc829ed6d8f7a905ecd056a4d8023b873648686097d9e3
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2418E31A08A4285EA12FF6194406BDE392BF44798FC46837ED5D07B95DE3CE9658720
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$Eval_Thread$CheckErr_RestoreSaveSignalsconnect
                                                                                                                                                                                          • String ID: 3'
                                                                                                                                                                                          • API String ID: 4284410693-280543908
                                                                                                                                                                                          • Opcode ID: 43883b4a1facdb44927345cb127c56be8221d0d2f4f6270d03b5dbc12515d140
                                                                                                                                                                                          • Instruction ID: 0ffd3521c1cef7b386c1555acaf1d750729e4e44a82458d67cd0c098cea194f2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 43883b4a1facdb44927345cb127c56be8221d0d2f4f6270d03b5dbc12515d140
                                                                                                                                                                                          • Instruction Fuzzy Hash: 00314D39B087429AFB649F65A44617E66B0BFA47D4F160135EE6E827D4DF3CE860C600
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                          • API String ID: 2050909247-2813020118
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF7DE853804), ref: 00007FF7DE8536E1
                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF7DE853804), ref: 00007FF7DE8536EB
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DE853706,?,00007FF7DE853804), ref: 00007FF7DE852C9E
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF7DE853706,?,00007FF7DE853804), ref: 00007FF7DE852D63
                                                                                                                                                                                            • Part of subcall function 00007FF7DE852C50: MessageBoxW.USER32 ref: 00007FF7DE852D99
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                          • API String ID: 3187769757-2863816727
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 591546834-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentProcess
                                                                                                                                                                                          • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                          • API String ID: 2050909247-2434346643
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_AuditFreeMem_ParseSizeSys_Tuple_
                                                                                                                                                                                          • String ID: et:gethostbyname$idna$socket.gethostbyname
                                                                                                                                                                                          • API String ID: 3195760359-1353326193
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 863680558-0
                                                                                                                                                                                          • Opcode ID: 402f04bb7d9212ea08196dd74a4af80d90a7af6c1d596dfc1541eee4981e6f64
                                                                                                                                                                                          • Instruction ID: 7c45d27134fbec2eef11bb7edd678f30e7322528daf8a5f07aa57cd18f0e0670
                                                                                                                                                                                          • Opcode Fuzzy Hash: 402f04bb7d9212ea08196dd74a4af80d90a7af6c1d596dfc1541eee4981e6f64
                                                                                                                                                                                          • Instruction Fuzzy Hash: BB018F79B19A4296F7009B3AE84106E73B0EFD8BD0B524030EA2E43BA4CE3CD4A5C700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                          • Opcode ID: 9d37adb8919aaa9301242e1672c0db5e18d6b44b4274937772719b263de12092
                                                                                                                                                                                          • Instruction ID: e424c62ff54d9b8ee8b7e78ebf366153dd7328267d41c156b8e093bcca0a5843
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d37adb8919aaa9301242e1672c0db5e18d6b44b4274937772719b263de12092
                                                                                                                                                                                          • Instruction Fuzzy Hash: 71315F32A19A8189EB21FB61E8552FEA361FF89788FC41136EA4D47B49DF3CD150C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OBJ_txt2obj.LIBCRYPTO-3 ref: 00007FF8E83B1DC0
                                                                                                                                                                                          • PyModule_GetState.PYTHON312 ref: 00007FF8E83B1DD5
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E2A
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E3C
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E47
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E75
                                                                                                                                                                                          • ASN1_OBJECT_free.LIBCRYPTO-3 ref: 00007FF8E83B1DEC
                                                                                                                                                                                          • PyErr_Format.PYTHON312 ref: 00007FF8E83B3762
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BuildErr_FormatJ_nid2lnJ_nid2snJ_obj2nidJ_txt2objModule_SizeStateT_freeValue_
                                                                                                                                                                                          • String ID: unknown object '%.100s'
                                                                                                                                                                                          • API String ID: 2376969911-3113687063
                                                                                                                                                                                          • Opcode ID: 82eac1858f2f7311b97fa416a6cda790fa35309ca6d5bca797571051d7cfa703
                                                                                                                                                                                          • Instruction ID: f0876b6cf4cab8c376bdd398255060e0b0b7f3dc61c93059ffe50e01001dcf07
                                                                                                                                                                                          • Opcode Fuzzy Hash: 82eac1858f2f7311b97fa416a6cda790fa35309ca6d5bca797571051d7cfa703
                                                                                                                                                                                          • Instruction Fuzzy Hash: F8F06DA1B18A4286EA098BA7A95427DA391AF9CFD1F4C4030DD0E47B25DF3CD8458705
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623740241.00007FF8F8CA1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8F8CA0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Import$Capsule_DeallocImport_Module
                                                                                                                                                                                          • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                                                                                                                                          • API String ID: 1394619730-824592145
                                                                                                                                                                                          • Opcode ID: 5974c19f225ccfaa67e8cfdf14026b0452581abd6b019d6115b8283005d03241
                                                                                                                                                                                          • Instruction ID: 60e016a94089a1862a0403a6eb15577b2fa5fcf5df3e6becc4c61ba8fdeba943
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5974c19f225ccfaa67e8cfdf14026b0452581abd6b019d6115b8283005d03241
                                                                                                                                                                                          • Instruction Fuzzy Hash: 41E0ED21E09552C9EBD99B11ACA427432A1BF74B80F894436C22E426D0EF3CA945F718
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                          • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                          • Instruction ID: 26ccb9452061568ecb6aadd26e7f88201fe019d354809061ca4b3add4c3b9a05
                                                                                                                                                                                          • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B41A232D1878283E311AB20951036DB360FB94764F90A73AEA9C07AD2DF6CA5F08720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                          • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                          • Instruction ID: e541af3533fb6fa93f4e9fff82a00161cb39405596f1d0ec2eee72f2ed587e17
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                          • Instruction Fuzzy Hash: 28110C21F0C15242F656B769E64827ED263EF84780FC86032DB4907B89CD3DE8F18210
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1624953543-0
                                                                                                                                                                                          • Opcode ID: b3a5f7da77fde6dd616c2aba4578d838e9d4f481d6cef957d5043588db409b2b
                                                                                                                                                                                          • Instruction ID: e6cce39ed34c8f37c597e245223cc077e5f03dcb5637fbeeb9a12149f40c97a4
                                                                                                                                                                                          • Opcode Fuzzy Hash: b3a5f7da77fde6dd616c2aba4578d838e9d4f481d6cef957d5043588db409b2b
                                                                                                                                                                                          • Instruction Fuzzy Hash: B8F01D29A08B4196FB545F59B5460AD6370ABA8BF4B194330DA7A037E0CF7CD4A5C200
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A93D80: PyErr_Format.PYTHON312 ref: 00007FF8F7A94102
                                                                                                                                                                                          • PySys_Audit.PYTHON312 ref: 00007FF8F7A953B0
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9442C: PyEval_SaveThread.PYTHON312 ref: 00007FF8F7A9444A
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9442C: connect.WS2_32 ref: 00007FF8F7A9445D
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9442C: PyEval_RestoreThread.PYTHON312 ref: 00007FF8F7A94468
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9442C: WSAGetLastError.WS2_32 ref: 00007FF8F7A94476
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9442C: WSAGetLastError.WS2_32 ref: 00007FF8F7A94482
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9442C: PyErr_CheckSignals.PYTHON312 ref: 00007FF8F7A9448F
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9442C: WSASetLastError.WS2_32 ref: 00007FF8F7A944CC
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                                                                                                                                          • String ID: connect$socket.connect
                                                                                                                                                                                          • API String ID: 2206401578-326844852
                                                                                                                                                                                          • Opcode ID: 6328d35a7a5ebb17eb66f0d37f02297ffde66ec9a7956e232188b9311fc926bd
                                                                                                                                                                                          • Instruction ID: fbe960d8ff56b5be81aaf02dcaac3ab6d5f9c60644f441c5cefd8a7e99d96ec3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6328d35a7a5ebb17eb66f0d37f02297ffde66ec9a7956e232188b9311fc926bd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B113C29708A8299F7209B16F4527AE73B0BBA47C4F420032DA6D47AD5DE7CE564CB40
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3251591375-0
                                                                                                                                                                                          • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                          • Instruction ID: 8cc5ca63a98cef51cf49e37f3f17ec7928bf614523821f3f85e544fdbad7874f
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                          • Instruction Fuzzy Hash: CA315C20E0864345FA57BB64D4513BEE7929F42784FC47437D94D9B2D3DE2CA864C670
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Long$DeallocFromLong_Module_ObjectUnsigned
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1334937965-0
                                                                                                                                                                                          • Opcode ID: a99016d94322774840b638e6a314548ad7be50fb2ef9530af4a037c37d9c842a
                                                                                                                                                                                          • Instruction ID: 6e97930cb7356d4a74d1be87a55aecd14ccfa5dd1332f8d5e81e901846f56c72
                                                                                                                                                                                          • Opcode Fuzzy Hash: a99016d94322774840b638e6a314548ad7be50fb2ef9530af4a037c37d9c842a
                                                                                                                                                                                          • Instruction Fuzzy Hash: B9F096A1A0C69286F7154B66E81437D6290AF59FD1F1C8130EA1E47BA5CF7CDC418309
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623234094.00007FF8E8381000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8E8380000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623216548.00007FF8E8380000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623259808.00007FF8E8395000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623276956.00007FF8E839B000.00000004.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623296618.00007FF8E839F000.00000002.00000001.01000000.0000000E.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e8380000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc
                                                                                                                                                                                          • String ID: <module>
                                                                                                                                                                                          • API String ID: 3617616757-217463007
                                                                                                                                                                                          • Opcode ID: f4d71fac36e61e2899d84e32005583331f99f3068e0a1fab41e660a1b0372fda
                                                                                                                                                                                          • Instruction ID: 60fd28c698c273272b3d0fb1acfa3b6f9fbc34168db574b9d341a8a7a9694872
                                                                                                                                                                                          • Opcode Fuzzy Hash: f4d71fac36e61e2899d84e32005583331f99f3068e0a1fab41e660a1b0372fda
                                                                                                                                                                                          • Instruction Fuzzy Hash: 61F05E96F0AE0781FA259BD9A81037E12506F247E5F0C4432CD1C433A8EF6DE981830A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                          • Instruction ID: 2b91912db0ae556a9d567afccd0d61cf9856206f04667e622696eb1e54a6c558
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                          • Instruction Fuzzy Hash: 39514831B096C186E73BBA25940067EE290BF46BA4FD4673ADE6C037E5CF3CD4218624
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2619222925.00007FF7DE850000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619267697.00007FF7DE87B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE88E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619306672.00007FF7DE891000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE894000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2619343708.00007FF7DE8A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                          • Opcode ID: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                          • Instruction ID: cc3a4dafd665d959e1ed2c408434cd3942d4c24dfd950e3714716afcaa9cf2be
                                                                                                                                                                                          • Opcode Fuzzy Hash: fe8bab274ce7bcf2293d1df97f88808174c3604892bb54168c1d2d59b6616a84
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E11B271618A8181DA11BB25A80416DA362BB85BF4FD45336EE7D4B7E9CE3CD0618710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00007FF7DE86AA45,?,?,00000000,00007FF7DE86AAFA), ref: 00007FF7DE86AC36
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF7DE86AA45,?,?,00000000,00007FF7DE86AAFA), ref: 00007FF7DE86AC40
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_KeywordsUnpack
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1409375599-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: send
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2809346765-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF7DE859400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7DE8545E4,00000000,00007FF7DE851985), ref: 00007FF7DE859439
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00007FF7DE856466,?,00007FF7DE85336E), ref: 00007FF7DE859092
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2592636585-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF7DE860D00,?,?,?,00007FF7DE86236A,?,?,?,?,?,00007FF7DE863B59), ref: 00007FF7DE86D6AA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2619241159.00007FF7DE851000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7DE850000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff7de850000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_new$R_set_debug$L_sk_free$L_sk_num$O_free$L_sk_value$L_sk_dup$O_memcmpmemcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$@$P$tls_early_post_process_client_hello
                                                                                                                                                                                          • API String ID: 3172855559-1173447675
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocDict_$FromItemLongLong_StringX_ctrl
                                                                                                                                                                                          • String ID: accept$accept_good$accept_renegotiate$cache_full$connect$connect_good$connect_renegotiate$hits$misses$number$timeouts
                                                                                                                                                                                          • API String ID: 3804526530-4076585280
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$String$Dict_$Item$List_X509_$From$SizeUnicode_$AppendE_printO_ctrlO_freeO_getsX509_get0_notY_set$AfterBeforeE_entry_countE_get_entryErr_LongLong_O_newO_s_memTupleX509_get_issuer_nameX509_get_subject_nameX509_get_versionY_get_dataY_get_object
                                                                                                                                                                                          • String ID: OCSP$caIssuers$crlDistributionPoints$failed to allocate BIO$issuer$notAfter$notBefore$serialNumber$subject$subjectAltName$version
                                                                                                                                                                                          • API String ID: 3001048694-857226466
                                                                                                                                                                                          • Opcode ID: c0d83a80fdd2fa389921a55f20ed788cc296214049a0ba30b8f3e7d51dacd266
                                                                                                                                                                                          • Instruction ID: f4462a66c5aaece7e5d087cafe6b8cd1598633f05a7aebc4cf2f79e1d662f460
                                                                                                                                                                                          • Opcode Fuzzy Hash: c0d83a80fdd2fa389921a55f20ed788cc296214049a0ba30b8f3e7d51dacd266
                                                                                                                                                                                          • Instruction Fuzzy Hash: 02D140F5A09A5389FE569BE1A95437D23A1BFA5BD2F0C4131CD0E46750EF3CE814870A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Err_FromSizeUnicode_$E_printFormatL_sk_numL_sk_valueList_O_ctrlO_getsO_newO_s_memTuple_WarnX509_get_ext_d2istrchr
                                                                                                                                                                                          • String ID: %X:%X:%X:%X:%X:%X:%X:%X$%d.%d.%d.%d$<INVALID>$<invalid>$DNS$DirName$IP Address$Invalid value %.200s$Registered ID$URI$Unknown general name type %d$email$failed to allocate BIO
                                                                                                                                                                                          • API String ID: 359532264-4109427827
                                                                                                                                                                                          • Opcode ID: 5e95644302a427418b5d1d979276497e409c7c0c35418fada4b70092e935900a
                                                                                                                                                                                          • Instruction ID: a23f47b143997390133c3eded1859c426faba47b242013943b52e1d3222878fa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e95644302a427418b5d1d979276497e409c7c0c35418fada4b70092e935900a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15F183A1A0DA8289FA568BA5E81437D77A1FF65BC2F0C4231D94E46790DF3CEC44C71A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug$X_freeY_free$DigestSign$Init_exO_memcmpX_newY_new_raw_private_key_ex
                                                                                                                                                                                          • String ID: $..\s\ssl\statem\extensions_srvr.c$HMAC$SHA2-256$tls_parse_ctos_cookie
                                                                                                                                                                                          • API String ID: 206681685-1443914411
                                                                                                                                                                                          • Opcode ID: 077881088c0d1f1d146c76fa9aab4bbd42343c7e07105cce7e5ae5793dac9f7b
                                                                                                                                                                                          • Instruction ID: 171e40edc0350969f7c96cd3470f9cc0092470f7e9543da60b18ddbefcfbc0fc
                                                                                                                                                                                          • Opcode Fuzzy Hash: 077881088c0d1f1d146c76fa9aab4bbd42343c7e07105cce7e5ae5793dac9f7b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A429C21B1828392EB509BE1D856BFD2764EF81BC4F944132DABD836D6EE2CE545C312
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pop_freeR_newR_set_debugX509X509_freeX509_new_exd2i_
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_certificate
                                                                                                                                                                                          • API String ID: 3085087540-2403068147
                                                                                                                                                                                          • Opcode ID: a07f56027311e16a650de202824a3b8f33d9fa7fbf7204a5af146c0d0adc19c2
                                                                                                                                                                                          • Instruction ID: 2a92d5d312fc5f30d0d5ddcaf9d14b215cbdba93154256374370f5311d9df97b
                                                                                                                                                                                          • Opcode Fuzzy Hash: a07f56027311e16a650de202824a3b8f33d9fa7fbf7204a5af146c0d0adc19c2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E129C22B0965385FB10DBE1D4417BD2661AB44FD8F844036DEAE977A6EF3CE580C312
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _PyObject_GC_New.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBB87
                                                                                                                                                                                          • ERR_clear_error.LIBCRYPTO-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBBCA
                                                                                                                                                                                          • PyEval_SaveThread.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBBD0
                                                                                                                                                                                          • SSL_new.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBBDC
                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBBE9
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC06
                                                                                                                                                                                          • SSL_get0_param.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC22
                                                                                                                                                                                          • X509_VERIFY_PARAM_set_hostflags.LIBCRYPTO-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC2F
                                                                                                                                                                                          • SSL_set_ex_data.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC3E
                                                                                                                                                                                          • SSL_set_fd.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC50
                                                                                                                                                                                          • BIO_up_ref.LIBCRYPTO-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC64
                                                                                                                                                                                          • BIO_up_ref.LIBCRYPTO-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC76
                                                                                                                                                                                          • SSL_set_bio.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC88
                                                                                                                                                                                          • SSL_ctrl.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBC9D
                                                                                                                                                                                          • SSL_get_verify_mode.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBCB7
                                                                                                                                                                                          • SSL_get_verify_callback.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBCC8
                                                                                                                                                                                          • SSL_set_verify.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBCDA
                                                                                                                                                                                          • SSL_set_post_handshake_auth.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBCE4
                                                                                                                                                                                          • SSL_get_rbio.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD11
                                                                                                                                                                                          • BIO_ctrl.LIBCRYPTO-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD26
                                                                                                                                                                                          • SSL_get_wbio.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD30
                                                                                                                                                                                          • BIO_ctrl.LIBCRYPTO-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD41
                                                                                                                                                                                          • PyEval_SaveThread.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD47
                                                                                                                                                                                          • SSL_set_connect_state.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD59
                                                                                                                                                                                          • SSL_set_accept_state.LIBSSL-3(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD61
                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD6A
                                                                                                                                                                                          • PyWeakref_NewRef.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBD7E
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBDCB
                                                                                                                                                                                          • PyObject_GC_Track.PYTHON312(?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BBE02
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • Cannot create a server socket with a PROTOCOL_TLS_CLIENT context, xrefs: 00007FF8E83BBB30
                                                                                                                                                                                          • Cannot create a client socket with a PROTOCOL_TLS_SERVER context, xrefs: 00007FF8E83BBB76
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$DeallocO_ctrlO_up_refObject_RestoreSave$L_ctrlL_get0_paramL_get_rbioL_get_verify_callbackL_get_verify_modeL_get_wbioL_newL_set_accept_stateL_set_bioL_set_connect_stateL_set_ex_dataL_set_fdL_set_post_handshake_authL_set_verifyM_set_hostflagsR_clear_errorTrackWeakref_X509_
                                                                                                                                                                                          • String ID: Cannot create a client socket with a PROTOCOL_TLS_SERVER context$Cannot create a server socket with a PROTOCOL_TLS_CLIENT context
                                                                                                                                                                                          • API String ID: 4263894999-1683031804
                                                                                                                                                                                          • Opcode ID: 9b27182346287a8bfc568b50ecb86d6642ebc79b8603933dc877655f453e6673
                                                                                                                                                                                          • Instruction ID: 564b1dc455a7389cf4159093b5f09fd4cd5eba8fcca3ac2eef996d8ded465382
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b27182346287a8bfc568b50ecb86d6642ebc79b8603933dc877655f453e6673
                                                                                                                                                                                          • Instruction Fuzzy Hash: 65A150B5A09A428AEA65DFA6E85476D7360FFA4BD1F084035CE4E07764DF3CEC45830A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckFromInitL_get_rbioL_get_wbioL_write_exLong_ObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsSize_tStringWeakref_
                                                                                                                                                                                          • String ID: The write operation timed out$Underlying socket connection gone$Underlying socket has been closed.$Underlying socket too large for select().
                                                                                                                                                                                          • API String ID: 919700936-3133696731
                                                                                                                                                                                          • Opcode ID: 998d63c6a67620683b35f32f41c679f820c675cf96aec51181935db0aa0b5723
                                                                                                                                                                                          • Instruction ID: 75c1b814f544bbdd29fab45664d2c4e08ed1fb7de08abfdfd6768ff4e939a28f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 998d63c6a67620683b35f32f41c679f820c675cf96aec51181935db0aa0b5723
                                                                                                                                                                                          • Instruction Fuzzy Hash: 67717EA1A09A868AEB658FA1985437D73A1FFA4BD5F184031DD0D47A60EF3CEC55C30A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Deadline_DeallocEval_O_ctrlThread$Err_InitL_get_rbioL_get_wbioL_set_read_aheadL_shutdownObjectRestoreSaveStringWeakref_
                                                                                                                                                                                          • String ID: -$The read operation timed out$The write operation timed out$Underlying socket connection gone$Underlying socket too large for select().
                                                                                                                                                                                          • API String ID: 1084328889-4093475646
                                                                                                                                                                                          • Opcode ID: ff91db2b1abad656a384f6d34c4a9c256f8ff407cc38b0b2101fabc204779d50
                                                                                                                                                                                          • Instruction ID: 1b23804b227b403d84f9cbcec308d69a19a905b72c550f1f7be6dfefea47457c
                                                                                                                                                                                          • Opcode Fuzzy Hash: ff91db2b1abad656a384f6d34c4a9c256f8ff407cc38b0b2101fabc204779d50
                                                                                                                                                                                          • Instruction Fuzzy Hash: D57151A1A096428AEB65CB96E55437D73A2FFA5BD1F084131CE4E47694EF3CEC41830A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_set_init$O_clear_flagsO_get_dataR_newR_set_debugR_set_error$O_freeO_get_initO_pushO_set_nextO_set_shutdownO_up_refO_zalloc
                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c$ssl_new
                                                                                                                                                                                          • API String ID: 2041692418-4057307684
                                                                                                                                                                                          • Opcode ID: b938392c1f0130d587112443b3a9d1b86181e3dd82127a5ad10639266ed4d33c
                                                                                                                                                                                          • Instruction ID: 8d2322fdbd052870ae9ca8680092cf26c6e6f304b187f2f1ed5e49dd6e3f259d
                                                                                                                                                                                          • Opcode Fuzzy Hash: b938392c1f0130d587112443b3a9d1b86181e3dd82127a5ad10639266ed4d33c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 34316A11F0D65342F914E6A6D9127BD52625F85FD0F400231EEBE0BBEAEE2CE5028743
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EVP_MD_CTX_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33931
                                                                                                                                                                                          • EVP_DigestInit.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33948
                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33965
                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33982
                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E3399C
                                                                                                                                                                                          • EVP_MD_CTX_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E339AC
                                                                                                                                                                                          • CRYPTO_malloc.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E339CF
                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33B9E
                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33BB3
                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33BCB
                                                                                                                                                                                          • CRYPTO_clear_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33BE3
                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33BEA
                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8E7E35063), ref: 00007FF8E7E33C02
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Digest$R_newR_set_debugUpdateX_free$Final_exInitO_clear_freeO_mallocX_new
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_gost18
                                                                                                                                                                                          • API String ID: 1516884489-304060821
                                                                                                                                                                                          • Opcode ID: 8e51d15a962b53c84eea47d357a9d13b66c054b19c96a8da4d00d795b3e43bdd
                                                                                                                                                                                          • Instruction ID: 1b213dde3d03504373641b77f2ba23e1bd49675a7a9d22d66558646abeb58dd2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e51d15a962b53c84eea47d357a9d13b66c054b19c96a8da4d00d795b3e43bdd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9491A462F0C64351F620ABA2D851BBE2351BF85FD4F540131EDAD4B7A6EE3DE9418342
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WSAGetLastError.WS2_32 ref: 00007FF8F7A93AFA
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A94AC8: _Py_BuildValue_SizeT.PYTHON312(?,?,?,00007FF8F7A93B0A), ref: 00007FF8F7A94AE3
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A94AC8: PyErr_SetObject.PYTHON312(?,?,?,00007FF8F7A93B0A), ref: 00007FF8F7A94AF8
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A94AC8: _Py_Dealloc.PYTHON312(?,?,?,00007FF8F7A93B0A), ref: 00007FF8F7A94B0C
                                                                                                                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8F7A93B1E
                                                                                                                                                                                          • PyErr_SetFromErrno.PYTHON312 ref: 00007FF8F7A93B34
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$BuildDeallocErrnoErrorFromLastObjectSizeValue__errno
                                                                                                                                                                                          • String ID: NOO$surrogatepass$unsupported address family
                                                                                                                                                                                          • API String ID: 316901363-472101058
                                                                                                                                                                                          • Opcode ID: 7fa3f94bd30a0525a73b97b195d25299c9fd1280b54a1a896a1071a0439e3a2e
                                                                                                                                                                                          • Instruction ID: 18408591f76dffb51dda3420aa1d0262ca91a1b0298d5b8d719f42cf81877f5d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fa3f94bd30a0525a73b97b195d25299c9fd1280b54a1a896a1071a0439e3a2e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 43819239A09A4289FB558F21A45627E73B0FFA5BD4F064539DA6E027D4EF3CE4A0C300
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                                                                                                                                          • String ID: Underlying socket connection gone$_ssl.c:983: The handshake operation timed out$_ssl.c:987: Underlying socket has been closed.$_ssl.c:991: Underlying socket too large for select().
                                                                                                                                                                                          • API String ID: 3614085790-1145532335
                                                                                                                                                                                          • Opcode ID: fe373fa390acac4dba2bf3258ca8a1411e2591c0ac4994f360803510e032e358
                                                                                                                                                                                          • Instruction ID: 3acd7e91c58622bec86b5a54aedff7f17f5595ca4872dbdbee09a83157643228
                                                                                                                                                                                          • Opcode Fuzzy Hash: fe373fa390acac4dba2bf3258ca8a1411e2591c0ac4994f360803510e032e358
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E618EA1A09A528DEB65DFA5D85037D63A0FFA9BC5F180031DE0E57A54DF3DEC42830A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: J_nid2snO_zallocP_get_digestbyname
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$dane_ctx_enable
                                                                                                                                                                                          • API String ID: 481619167-1287278166
                                                                                                                                                                                          • Opcode ID: f811607f019e0fba6774fb0767c526b73295f801dc53e887ad931bb5e2517592
                                                                                                                                                                                          • Instruction ID: 4a045f2d1e4827b7855f62088f4d7045520ee35d86f7c74e40beef209745d7b7
                                                                                                                                                                                          • Opcode Fuzzy Hash: f811607f019e0fba6774fb0767c526b73295f801dc53e887ad931bb5e2517592
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A317E61F1E78382F74497A1E8427BD22A5AF45BC4F444075EAAD07B9AEF2CF941C702
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$D:\a\1\s\include\internal/packet.h$tls_process_ske_psk_preamble
                                                                                                                                                                                          • API String ID: 1233037391-1906891150
                                                                                                                                                                                          • Opcode ID: 5d41d908b8888701b708f5cc01d018db43efa8043e1a75f1b85c49209fb1e0e0
                                                                                                                                                                                          • Instruction ID: 9361ae2c769cf555cec054ab5db500debeee3ac20d1da23b2044c99cb6e52d81
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d41d908b8888701b708f5cc01d018db43efa8043e1a75f1b85c49209fb1e0e0
                                                                                                                                                                                          • Instruction Fuzzy Hash: C7417361F2869281E7109BA5E805BED6760FB94FC4F540131EAEC07B6ADF6CE591C702
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_server_name
                                                                                                                                                                                          • API String ID: 193678381-2697319676
                                                                                                                                                                                          • Opcode ID: f624c0c7e1ceb8e681fd9b753e6824e8c6c6b6362b4b72bb04fa0a55640923ee
                                                                                                                                                                                          • Instruction ID: ba15470f28f55f89871262e947e78e75593decf99e9c325e103c7f4fd065d2f8
                                                                                                                                                                                          • Opcode Fuzzy Hash: f624c0c7e1ceb8e681fd9b753e6824e8c6c6b6362b4b72bb04fa0a55640923ee
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D319E61F0858782F7509BE0D856BFC2360EF84B84F980531D9BC476E6EF6CA594C312
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E98: OBJ_obj2txt.LIBCRYPTO-3 ref: 00007FF8E83B1EDD
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E98: PyUnicode_FromStringAndSize.PYTHON312 ref: 00007FF8E83B1F03
                                                                                                                                                                                          • ASN1_STRING_type.LIBCRYPTO-3(?,?,?,?,00000000,00007FF8E83B50AD), ref: 00007FF8E83B5218
                                                                                                                                                                                          • ASN1_STRING_length.LIBCRYPTO-3(?,?,?,?,00000000,00007FF8E83B50AD), ref: 00007FF8E83B5226
                                                                                                                                                                                          • ASN1_STRING_get0_data.LIBCRYPTO-3(?,?,?,?,00000000,00007FF8E83B50AD), ref: 00007FF8E83B5232
                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FF8E83B50AD), ref: 00007FF8E83B5248
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B6554: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FF8E83B656C
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B6554: ERR_clear_error.LIBCRYPTO-3 ref: 00007FF8E83B6595
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Size$BuildFromG_get0_dataG_lengthG_typeJ_obj2txtR_clear_errorR_peek_last_errorStringUnicode_Value_
                                                                                                                                                                                          • String ID: D:\a\1\s\Modules\_ssl.c$Ns#$Ny#
                                                                                                                                                                                          • API String ID: 264388756-3706530764
                                                                                                                                                                                          • Opcode ID: 9a1122ba5fbc9547116f0031ee393bf038e2f8fa00e4e29d68950a744ed176c9
                                                                                                                                                                                          • Instruction ID: fd4f112dca99dfa5246f8c3c2979beaefc40448dd804024d3347ee759cfec36f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a1122ba5fbc9547116f0031ee393bf038e2f8fa00e4e29d68950a744ed176c9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 45219EA1A0D65386FB548BD2A8543BEA360AFA9BD1F484030DD0E4AB55DF3CE845870A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: N_free$O_free
                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                          • API String ID: 3506937590-1778748169
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_next_proto
                                                                                                                                                                                          • API String ID: 3243760035-2889161144
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_malloc$O_freeR_newR_set_debug
                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_read_buffer$ssl3_setup_write_buffer
                                                                                                                                                                                          • API String ID: 2137838121-2302522825
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f93f0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                          • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_listen
                                                                                                                                                                                          • String ID: |i:listen
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_FromO_freeR_clear_errorR_peek_last_errorSizeStringX509i2d_
                                                                                                                                                                                          • String ID: D:\a\1\s\Modules\_ssl.c
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_freeO_strndup
                                                                                                                                                                                          • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$Warn$Dealloc$Eval_FormatModule_R_clear_errorStateStringThreadX509_X_ctrl$M_set_flagsM_set_hostflagsModuleRestoreS_client_methodS_methodS_server_methodSaveSv1_1_methodSv1_2_methodSv1_methodType_X_freeX_get0_paramX_newX_set_cipher_listX_set_optionsX_set_post_handshake_authX_set_session_id_context
                                                                                                                                                                                          • String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$Cannot find internal module state$Failed to set minimum protocol 0x%x$HIGH:!aNULL:!eNULL$No cipher can be selected.$Python$invalid or unsupported protocol version %i$ssl.PROTOCOL_TLS is deprecated$ssl.PROTOCOL_TLSv1 is deprecated$ssl.PROTOCOL_TLSv1_1 is deprecated$ssl.PROTOCOL_TLSv1_2 is deprecated
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$DeallocR_clear_errorStringUnicode_X_set_default_passwd_cbX_set_default_passwd_cb_userdata$ConverterEval_ExceptionFreeMatchesMem_Thread_errno$Callable_CheckErrnoFormatFromR_peek_last_errorRestoreSaveX_get_default_passwd_cbX_get_default_passwd_cb_userdataX_use_certificate_chain_file
                                                                                                                                                                                          • String ID: certfile should be a valid filesystem path$keyfile should be a valid filesystem path$password should be a string or callable
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB566
                                                                                                                                                                                          • PyDict_GetItemWithError.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB57F
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB595
                                                                                                                                                                                          • PyErr_Occurred.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB5A0
                                                                                                                                                                                          • PyLong_FromLong.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB5B1
                                                                                                                                                                                          • PyDict_GetItemWithError.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB5CA
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB5E0
                                                                                                                                                                                          • PyErr_Occurred.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB5EB
                                                                                                                                                                                          • ERR_reason_error_string.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB60A
                                                                                                                                                                                          • SSL_get_verify_result.LIBSSL-3(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB64C
                                                                                                                                                                                          • PyLong_FromLong.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB656
                                                                                                                                                                                          • X509_verify_cert_error_string.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB674
                                                                                                                                                                                          • PyUnicode_FromString.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB682
                                                                                                                                                                                          • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB6B0
                                                                                                                                                                                          • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB6EC
                                                                                                                                                                                          • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB719
                                                                                                                                                                                          • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB73B
                                                                                                                                                                                          • PyUnicode_FromFormat.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB755
                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB78B
                                                                                                                                                                                          • PyObject_CallObject.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB7A8
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB7BF
                                                                                                                                                                                          • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB7E6
                                                                                                                                                                                          • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB805
                                                                                                                                                                                          • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB82F
                                                                                                                                                                                          • PyObject_SetAttr.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB846
                                                                                                                                                                                          • PyErr_SetObject.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB856
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB86A
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB884
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00000000,00000000,00007FF8E83B6595), ref: 00007FF8E83BB89D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: From$DeallocUnicode_$FormatObject_$Attr$Err_$BuildDict_ErrorItemLongLong_ObjectOccurredSizeValue_With$CallL_get_verify_resultR_reason_error_stringStringX509_verify_cert_error_string
                                                                                                                                                                                          • String ID: %s (_ssl.c:%d)$Hostname mismatch, certificate is not valid for '%S'.$IP address mismatch, certificate is not valid for '%S'.$[%S: %S] %s (_ssl.c:%d)$[%S: %S] %s: %S (_ssl.c:%d)$[%S] %s (_ssl.c:%d)$unknown error
                                                                                                                                                                                          • API String ID: 628883730-2914327905
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Module_$ObjectWith$Err_Exception$BasesDeallocFromPackSpecStateTuple_Type_
                                                                                                                                                                                          • String ID: A certificate could not be verified.$Non-blocking SSL socket needs to read more databefore the requested operation can be completed.$Non-blocking SSL socket needs to write more databefore the requested operation can be completed.$SSL/TLS connection terminated abruptly.$SSL/TLS session closed cleanly.$SSLCertVerificationError$SSLEOFError$SSLError$SSLSyscallError$SSLWantReadError$SSLWantWriteError$SSLZeroReturnError$System error when attempting SSL operation.$ssl.SSLCertVerificationError$ssl.SSLEOFError$ssl.SSLSyscallError$ssl.SSLWantReadError$ssl.SSLWantWriteError$ssl.SSLZeroReturnError
                                                                                                                                                                                          • API String ID: 3050075057-1330971811
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_Format$Deallochtons
                                                                                                                                                                                          • String ID: %s(): AF_HYPERV address must be tuple, not %.500s$%s(): AF_HYPERV address service_id is not a valid UUID string$%s(): AF_HYPERV address vm_id is not a valid UUID string$%s(): AF_INET address must be tuple, not %.500s$%s(): AF_INET6 address must be tuple, not %.500s$%s(): bad family$%s(): flowinfo must be 0-1048575.$%s(): port must be 0-65535.$%s(): unknown Bluetooth protocol$%s(): unsupported AF_HYPERV protocol: %d$%s(): wrong format$O&i;AF_INET address must be a pair (host, port)$O&i|II;AF_INET6 address must be a tuple (host, port[, flowinfo[, scopeid]])$UU;AF_HYPERV address must be a str tuple (vm_id, service_id)
                                                                                                                                                                                          • API String ID: 2819711985-3631354148
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$String$Err_Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_Object_ParseRestoreSaveSys_TupleValue_getaddrinfo
                                                                                                                                                                                          • String ID: Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                                                                                                                                          • API String ID: 3469260611-1074899869
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: J_nid2ln$BuildR_descriptionR_get_auth_nidR_get_bitsR_get_cipher_nidR_get_digest_nidR_get_idR_get_kx_nidR_get_nameR_get_versionR_is_aeadSizeValue_memset
                                                                                                                                                                                          • String ID: aead$alg_bits$auth$description$digest$kea$name$protocol$strength_bits$symmetric${sksssssssisisOssssssss}
                                                                                                                                                                                          • API String ID: 2466739568-4085912083
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$SSL_CTX_use_certificate$ssl_set_cert
                                                                                                                                                                                          • API String ID: 1552677711-1118281239
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Size$Arg_Err_ParseRestoreSaveStringTuple_$AuditBuildDecodeS_snprintfSys_Unicode_Value_freeaddrinfogetaddrinfogetnameinfohtonl
                                                                                                                                                                                          • String ID: $(O)$IPv4 sockaddr must be 2 tuple$Oi:getnameinfo$getnameinfo() argument 1 must be a tuple$getnameinfo(): flowinfo must be 0-1048575.$si|II;getnameinfo(): illegal sockaddr argument$sockaddr resolved to multiple addresses$socket.getnameinfo$surrogatepass
                                                                                                                                                                                          • API String ID: 2526741257-243639936
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PyWeakref_GetObject.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B9545
                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B9572
                                                                                                                                                                                          • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B95C4
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B95EE
                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B9634
                                                                                                                                                                                          • SSL_get_rbio.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B965C
                                                                                                                                                                                          • BIO_ctrl.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B9671
                                                                                                                                                                                          • SSL_get_wbio.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B967B
                                                                                                                                                                                          • BIO_ctrl.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B968C
                                                                                                                                                                                          • _PyDeadline_Init.PYTHON312 ref: 00007FF8E83B96A8
                                                                                                                                                                                          • PyEval_SaveThread.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B96BB
                                                                                                                                                                                          • SSL_read_ex.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B96D3
                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B9707
                                                                                                                                                                                          • PyErr_CheckSignals.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B971C
                                                                                                                                                                                          • _PyDeadline_Get.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B9736
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B9811
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B6554: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FF8E83B656C
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B6554: ERR_clear_error.LIBCRYPTO-3 ref: 00007FF8E83B6595
                                                                                                                                                                                          • SSL_get_shutdown.LIBSSL-3(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B978B
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B97D3
                                                                                                                                                                                          • _PyBytes_Resize.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B97E6
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B983F
                                                                                                                                                                                          • PyLong_FromSize_t.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF8E83B94DA), ref: 00007FF8E83B984E
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Err_String$Bytes_Deadline_Eval_FromO_ctrlThread$CheckInitL_get_rbioL_get_shutdownL_get_wbioL_read_exLong_ObjectR_clear_errorR_peek_last_errorResizeRestoreSaveSignalsSizeSize_tWeakref_
                                                                                                                                                                                          • String ID: The read operation timed out$Underlying socket connection gone$maximum length can't fit in a C 'int'$size should not be negative
                                                                                                                                                                                          • API String ID: 2735577670-665203206
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Err_State_$ReleaseUnraisableWrite$ArgsCallFunctionObjectObject_$EncodedEnsureFromL_get_ex_dataL_get_servernameLongLong_OccurredUnicode_Weakref_
                                                                                                                                                                                          • String ID: ascii
                                                                                                                                                                                          • API String ID: 3188396730-3510295289
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_ExceptionModule_ObjectWith
                                                                                                                                                                                          • String ID: Non-blocking SSL socket needs to read more databefore the requested operation can be completed.$Non-blocking SSL socket needs to write more databefore the requested operation can be completed.$SSL/TLS connection terminated abruptly.$SSLEOFError$SSLSyscallError$SSLWantReadError$SSLWantWriteError$SSLZeroReturnError$System error when attempting SSL operation.$ssl.SSLEOFError$ssl.SSLSyscallError$ssl.SSLWantReadError$ssl.SSLWantWriteError$ssl.SSLZeroReturnError
                                                                                                                                                                                          • API String ID: 2947902817-2842970648
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _PyTime_FromSecondsObject.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F2252
                                                                                                                                                                                          • PyErr_ExceptionMatches.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F2266
                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F22B2
                                                                                                                                                                                            • Part of subcall function 00007FF8F93F2568: PySequence_Fast.PYTHON312(00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F2590
                                                                                                                                                                                          • _PyDeadline_Init.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F236D
                                                                                                                                                                                          • PyEval_SaveThread.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F23A7
                                                                                                                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F23B0
                                                                                                                                                                                          • select.WS2_32(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F23C9
                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F23D5
                                                                                                                                                                                          • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F23DB
                                                                                                                                                                                          • PyErr_CheckSignals.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F23EA
                                                                                                                                                                                          • _PyDeadline_Get.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F2407
                                                                                                                                                                                          • _PyTime_AsTimeval_clamp.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F2425
                                                                                                                                                                                          • PyErr_Occurred.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F2480
                                                                                                                                                                                          • PyTuple_Pack.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F2497
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F24B4
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F24CD
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F24E6
                                                                                                                                                                                          • WSAGetLastError.WS2_32(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F254C
                                                                                                                                                                                          • PyErr_SetExcFromWindowsErr.PYTHON312(?,?,?,00007FF8E7BB2C90,?,?,00007FF8F93F21E3), ref: 00007FF8F93F255E
                                                                                                                                                                                            • Part of subcall function 00007FF8F93F2568: PyObject_AsFileDescriptor.PYTHON312(?,?,00007FF8F93F21E3), ref: 00007FF8F93F2602
                                                                                                                                                                                            • Part of subcall function 00007FF8F93F2568: PyErr_SetString.PYTHON312(?,?,00007FF8F93F21E3), ref: 00007FF8F93F2688
                                                                                                                                                                                            • Part of subcall function 00007FF8F93F2568: _Py_Dealloc.PYTHON312(?,?,00007FF8F93F21E3), ref: 00007FF8F93F269C
                                                                                                                                                                                            • Part of subcall function 00007FF8F93F2568: _Py_Dealloc.PYTHON312(?,?,00007FF8F93F21E3), ref: 00007FF8F93F26B0
                                                                                                                                                                                            • Part of subcall function 00007FF8F93F2568: _Py_Dealloc.PYTHON312(?,?,00007FF8F93F21E3), ref: 00007FF8F93F26CB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623888389.00007FF8F93F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623939730.00007FF8F93F5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623955605.00007FF8F93F6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f93f0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocErr_$Deadline_Eval_FromStringThreadTime__errno$CheckDescriptorErrorExceptionFastFileInitLastMatchesObjectObject_OccurredPackRestoreSaveSecondsSequence_SignalsTimeval_clampTuple_Windowsselect
                                                                                                                                                                                          • String ID: timeout must be a float or None$timeout must be non-negative
                                                                                                                                                                                          • API String ID: 1581318368-2150404077
                                                                                                                                                                                          • Opcode ID: 7d38a3b17ebf55bf49675b82177c9a06bc5c3781fec886ab968ba646aff31ed1
                                                                                                                                                                                          • Instruction ID: d39095749a487a998c4364cfd48bbfff3d85502a1c5e973a59504df21b8a6f88
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d38a3b17ebf55bf49675b82177c9a06bc5c3781fec886ab968ba646aff31ed1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 58912D21A08AC3DAEB289F21DC445B963A0FB65BD8F406131DA2D4A6DCDF3EE545C700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: BuildSizeValue_
                                                                                                                                                                                          • String ID: OiII$Unknown Bluetooth protocol$iy#
                                                                                                                                                                                          • API String ID: 1740464280-1931379703
                                                                                                                                                                                          • Opcode ID: 2c90a777015936f6242ff3f88189728316a6011ed5f6e7f78305c2caed58fa32
                                                                                                                                                                                          • Instruction ID: f8c8a04c7fb50be1bb7ca4d6faa77955fbd6d78290d389b5147e7ea4af15c8ac
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c90a777015936f6242ff3f88189728316a6011ed5f6e7f78305c2caed58fa32
                                                                                                                                                                                          • Instruction Fuzzy Hash: 26515329A0C6439AFB248B62F45617E63B0BFA5BD1F464131DA7E47AD4EF2CE465C300
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocList_$X509_$AppendTuple$Y_set$E_entry_countE_get_entryY_get_dataY_get_object
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3918441104-0
                                                                                                                                                                                          • Opcode ID: 809b1bf11eac808d062429b2f26ed9deb20ac5f1ddba2d5298b9d28464af92a7
                                                                                                                                                                                          • Instruction ID: 72cdd782026725c341a2286184393a2d7f5f3f9d6b7e1d223c25a67b30a4859e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 809b1bf11eac808d062429b2f26ed9deb20ac5f1ddba2d5298b9d28464af92a7
                                                                                                                                                                                          • Instruction Fuzzy Hash: CF613DB1A09A0289FE1A9FE1A95437D63E1BF65BD2F0C0530CE0E46791DF3DE845830A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_clear_errorR_peek_last_error$E_add_certErr_M_read_bio_O_ctrlO_freeO_new_mem_bufStringX509X509_X509_bioX509_freeX_get_cert_storeX_get_default_passwd_cbX_get_default_passwd_cb_userdatad2i_
                                                                                                                                                                                          • String ID: Can't allocate buffer$Certificate data is too long.$Empty certificate data$no start line: cadata does not contain a certificate$not enough data: cadata does not contain a certificate
                                                                                                                                                                                          • API String ID: 2827233063-3246380861
                                                                                                                                                                                          • Opcode ID: 6d693b50e03cec1b008185fdff2a714a1ab6100bff11ef692ef5d29a0fcdf03d
                                                                                                                                                                                          • Instruction ID: 471d39b7c697c2bcc007dcac89e4706537d8bc38cfc0d9e71bb796cb11e44626
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d693b50e03cec1b008185fdff2a714a1ab6100bff11ef692ef5d29a0fcdf03d
                                                                                                                                                                                          • Instruction Fuzzy Hash: B151E8A1A08A434AFB659B96AD4037D6390BFA4BD9F1C0135DD1E87790DF3CEC85820E
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Cert$Store$FromSet_$Bytes_CertificateCertificatesCloseContextEnumErr_ErrorFreeLastListOpenSequence_SizeStringTuple_Windows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3212101135-0
                                                                                                                                                                                          • Opcode ID: 574e40423505b0493daf3756d5b0c0d170713b018af0d72cd6bdf364de5252c6
                                                                                                                                                                                          • Instruction ID: 929a1db701cf4c37c389876357b72cb1bc8ea2d756aa0914e9228495598783d5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 574e40423505b0493daf3756d5b0c0d170713b018af0d72cd6bdf364de5252c6
                                                                                                                                                                                          • Instruction Fuzzy Hash: CB816DF5E4AA128DEA1A5BA1AA1C37D73A1BF64BD6F0C4031C94D46780DF3CED55830A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_DeallocDecodeDefaultFromStringUnicode_$BuildSizeValue_X509_get_default_cert_dirX509_get_default_cert_dir_envX509_get_default_cert_fileX509_get_default_cert_file_env
                                                                                                                                                                                          • String ID: NNNN
                                                                                                                                                                                          • API String ID: 3186749377-3742719684
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Cert$Store$FromSet_$Bytes_CloseContextEnumErr_ErrorFreeLastListOpenSequence_SizeStringTuple_Windows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2193414262-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$DOWNGRD$ssl_choose_client_version
                                                                                                                                                                                          • API String ID: 193678381-1176365113
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_clear_error$Err_FromObjectR_peek_last_errorWeakref_Windows
                                                                                                                                                                                          • String ID: A failure in the SSL library occurred$EOF occurred in violation of protocol$Invalid error code$Some I/O error occurred$TLS/SSL connection has been closed (EOF)$The operation did not complete (X509 lookup)$The operation did not complete (connect)$The operation did not complete (read)$The operation did not complete (write)
                                                                                                                                                                                          • API String ID: 2320205569-3413158800
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$O_ctrlRestoreSaveX_set_keylog_callback$DeallocErr_O_free_allO_new_fpO_putsPy_fopen_objString
                                                                                                                                                                                          • String ID: # TLS secrets log file, generated by OpenSSL / Python$Can't malloc memory for keylog file
                                                                                                                                                                                          • API String ID: 2661017659-2802485923
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocList_$L_sk_numS_free$Size$AppendFromJ_obj2nidL_sk_valueStringTupleUnicode_X509_get_ext_d2i
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 230305477-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_free$Err_String$DecodeM_write_bio_ModuleO_ctrlO_newO_s_memR_clear_errorR_peek_last_errorStateType_Unicode_X509_X509_bioi2d_
                                                                                                                                                                                          • String ID: Unsupported format$error$failed to allocate BIO$i
                                                                                                                                                                                          • API String ID: 629801032-3389475273
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Buffer_Release$Err_$String$From$Arg_ErrnoFormatParseSizeTuple_Unicode_inet_ntop
• String ID: invalid length of packed IP address string$iy*:inet_ntop$unknown address family %d
• API String ID: 1507301079-2822559286
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Module_$BuildFromOpenSizeValue_$L_versionL_version_numLongLong_StringUnicode_Unsigned
• String ID: IIIII$OPENSSL_VERSION$OPENSSL_VERSION_INFO$OPENSSL_VERSION_NUMBER$_OPENSSL_API_VERSION
• API String ID: 1934562181-595941748
APIs
• a2i_IPADDRESS.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA1E9
• ERR_clear_error.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA1F7
• PyUnicode_Decode.PYTHON312(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA211
• SSL_ctrl.LIBSSL-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA236
• SSL_get0_param.LIBSSL-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA26D
• X509_VERIFY_PARAM_set1_host.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA28E
• ASN1_STRING_length.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA2A5
• ASN1_STRING_get0_data.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA2B1
• X509_VERIFY_PARAM_set1_ip.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA2C0
• ASN1_OCTET_STRING_free.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA2F0
• PyErr_SetString.PYTHON312(?,?,?,?,?,00007FF8E83BBCFA,?,?,00007FF8E7BB2C90,?,?,?,00000000,00007FF8E83B7305), ref: 00007FF8E83BA309
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: X509_$DecodeErr_G_freeG_get0_dataG_lengthL_ctrlL_get0_paramM_set1_hostM_set1_ipR_clear_errorStringUnicode_a2i_
• String ID: ascii$server_hostname cannot be an empty string or start with a leading dot.$strict
• API String ID: 2286705765-138613600
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
• Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_newR_set_debugR_set_error
• String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
• API String ID: 2935861444-3152457077
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Err_Eval_State_Thread_errno$EnsureErrnoExceptionFilenameFromL_get_ex_dataO_ctrlO_printfObjectRaisedReleaseRestoreSaveThread_acquire_lockThread_release_lockWith
• String ID: %s
• API String ID: 1935682029-620797490
APIs
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Dealloc$FreeTable$Err_FromList_Windows$AppendBuildConvertInterfaceLuidNameSizeTable2Value_memcpy
• String ID:
• API String ID: 1684791173-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
• Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug$L_sk_numP_resp_countT_free$E_freeL_sk_valueP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicX_freeX_new_exd2i_
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_validate_ct
                                                                                                                                                                                          • API String ID: 2834088071-2167807083
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_ParseSizeTuple_$Ioctl$Err_FormatFromLongLong_Unsigned
                                                                                                                                                                                          • String ID: invalid ioctl command %lu$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                                                                                                                                                                          • API String ID: 1148432870-4238462244
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_String$DeallocErr_Size
                                                                                                                                                                                          • String ID: encoding of hostname failed$host name must not contain null character$idna$str, bytes or bytearray expected, not %s
                                                                                                                                                                                          • API String ID: 2522550923-2120988924
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: SizeTuple_$Arg_Buffer_ParseRelease$AuditErr_FormatFromLong_Ssize_tSys_
                                                                                                                                                                                          • String ID: sendto$sendto() takes 2 or 3 arguments (%zd given)$socket.sendto$y*O:sendto$y*iO:sendto
                                                                                                                                                                                          • API String ID: 3528750861-2448770124
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_$Arg_$ArgumentBufferCheckContiguousDoubleErr_FillFloat_InfoObject_OccurredPositionalReleaseSizeUnicode_memset
                                                                                                                                                                                          • String ID: RAND_add$argument 1$contiguous buffer
                                                                                                                                                                                          • API String ID: 2392993315-868614225
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Bytes_DeallocErr_M_read_bio_Module_O_ctrlO_freeO_newO_s_fileStateX509X509_free
                                                                                                                                                                                          • String ID: Can't malloc memory to read file$Can't open file$Error decoding PEM-encoded file
                                                                                                                                                                                          • API String ID: 2561677103-2145957498
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X509_$L_sk_num$BuildE_get0_objectsL_sk_valueSizeT_get0_T_get_typeValue_X509X509_check_caX_get_cert_store
                                                                                                                                                                                          • String ID: crl$x509$x509_ca${sisisi}
                                                                                                                                                                                          • API String ID: 3289807285-1814362494
                                                                                                                                                                                          • Opcode ID: 9aeab0530feae0461bf7523b0ecc6a8b7d92815f2275590efcc13bb3a54cfb8f
                                                                                                                                                                                          • Instruction ID: 1b0c1f662d6e483afc74f0da7c5361518b654be98f7687c50d49553bc7ff0de3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9aeab0530feae0461bf7523b0ecc6a8b7d92815f2275590efcc13bb3a54cfb8f
                                                                                                                                                                                          • Instruction Fuzzy Hash: F12153A1E08B068AE6559FA6B84427D77A0FBA4BD1F580135DD4F47324DF3CE845870A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Err_Eval_Thread$Arg_AuditFromParseRestoreSaveSizeSys_Tuple_Unicode_getservbyporthtons
                                                                                                                                                                                          • String ID: getservbyport: port must be 0-65535.$i|s:getservbyport$port/proto not found$socket.getservbyport
                                                                                                                                                                                          • API String ID: 3420281234-2618607128
                                                                                                                                                                                          • Opcode ID: fd1bdfdd8a4371261d37710fa96bb3dc0dda88731653016ca55f60b11283898d
                                                                                                                                                                                          • Instruction ID: 6193c2f258edbcdf89f8975c95280c0a1ae8487dea46403a77fd02b0dbc19f93
                                                                                                                                                                                          • Opcode Fuzzy Hash: fd1bdfdd8a4371261d37710fa96bb3dc0dda88731653016ca55f60b11283898d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 57211B29A18A0399FB048F15E84627D73B1FBA9BC4F520031DA6E476E8DF3DE468C710
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dict_$From$DeallocItemStringUnicode_$BuildLongLong_Module_SizeStateValue_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4085978302-0
                                                                                                                                                                                          • Opcode ID: 6ac0ff61c8e0a8f2198d58a7273ddcbe8b56034a007eb6dd31c9e025558c8752
                                                                                                                                                                                          • Instruction ID: 2b01babc76313dc4d8fbea2169b150d285a75eefb5376eb8f22d59f26411f551
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ac0ff61c8e0a8f2198d58a7273ddcbe8b56034a007eb6dd31c9e025558c8752
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8451FEB1E09B4289EA569BE1E8443BD63E4EF65BD5F0C4434CA4D86795EF3CE840C70A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • X509_get_ext_d2i.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B597B
                                                                                                                                                                                          • PyList_New.PYTHON312(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5997
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B59AF
                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B59C3
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B59DB
                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B59EB
                                                                                                                                                                                          • PyUnicode_FromStringAndSize.PYTHON312(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A01
                                                                                                                                                                                          • PyList_Append.PYTHON312(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A15
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A2B
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A3C
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A4D
                                                                                                                                                                                          • PyList_AsTuple.PYTHON312(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A65
                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A85
                                                                                                                                                                                          • CRL_DIST_POINTS_free.LIBCRYPTO-3(?,?,00000000,00007FF8E83B576C), ref: 00007FF8E83B5A8E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_num$List_$DeallocL_sk_value$AppendFromS_freeSizeStringTupleUnicode_X509_get_ext_d2i
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3668485020-0
                                                                                                                                                                                          • Opcode ID: e0a94719572de4e84d325d5bc992d00250c3867ea8c99ad8f870f884197e72df
                                                                                                                                                                                          • Instruction ID: cf6bc243e7fa9a3e88d067118ffe58e6ac5f2c9352ee2cad9a6986243a3f5a60
                                                                                                                                                                                          • Opcode Fuzzy Hash: e0a94719572de4e84d325d5bc992d00250c3867ea8c99ad8f870f884197e72df
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15413BA1A09A468DFA1A9FE2A85477D73A0BF64FD6F0C4530CD0E56760DF3CE841870A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_new$D_get_sizeDigestFinal_exR_set_debugX_copy_exX_freeX_get0_mdX_new
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_handshake_hash
                                                                                                                                                                                          • API String ID: 474506514-3232504857
                                                                                                                                                                                          • Opcode ID: ceafdee3e3782c6bf8579b40f9a8a55036da8825d3d60d381326b8fbaab8a38b
                                                                                                                                                                                          • Instruction ID: 92657f71b2a3a578401cef890828dbdb0c28994d33b898d30d1e72298a8dc416
                                                                                                                                                                                          • Opcode Fuzzy Hash: ceafdee3e3782c6bf8579b40f9a8a55036da8825d3d60d381326b8fbaab8a38b
                                                                                                                                                                                          • Instruction Fuzzy Hash: ED21AF21F0DA4381F614AAE2EC42BFE5250AF44FE0F540131EDAD477AAEE3CE4428306
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Bytes_D_bytesErr_FromSize
                                                                                                                                                                                          • String ID: (ks)$num must be positive
                                                                                                                                                                                          • API String ID: 574210595-3708576348
                                                                                                                                                                                          • Opcode ID: 4d1367dc8eff439d349366d35261269e4a0d7ea4fb37f4cf14861882ced05321
                                                                                                                                                                                          • Instruction ID: 34e106427b2f2b88224dd0ce792623db78c07bba6822601db758bf15632bd158
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d1367dc8eff439d349366d35261269e4a0d7ea4fb37f4cf14861882ced05321
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A2138A2E0865289EF168BA5E85437D63E1BFA4FD5F0C4431C94E46764DF3CEC45870A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$MallocMem_MemoryStringi2d_
                                                                                                                                                                                          • String ID: Invalid session$d2i() failed$i2d() failed
                                                                                                                                                                                          • API String ID: 982646903-2456513230
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocX509_$L_sk_numList_$AppendE_get0_objectsL_sk_valueT_get0_T_get_typeX509X509_check_caX_get_cert_store
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2012148854-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Mem_$CertEnhancedFreeSet_Usage$DeallocErr_ErrorFromFrozenLastMallocMemoryStringUnicode_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2458427691-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_indent$O_printf$O_puts
                                                                                                                                                                                          • String ID: No Ticket$ticket$ticket_age_add=%u$ticket_lifetime_hint=%u$ticket_nonce
                                                                                                                                                                                          • API String ID: 1353156648-4248733311
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_initial_server_flight$tls_process_server_done
                                                                                                                                                                                          • API String ID: 193678381-2920457334
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_String$DeallocMem_$FormatFreeMallocUnicode_memcpy
                                                                                                                                                                                          • String ID: password cannot be longer than %d bytes$unable to allocate password buffer
                                                                                                                                                                                          • API String ID: 1570515377-2395793021
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$Arg_FormatParse_SizeStringWarnX_ctrl
                                                                                                                                                                                          • String ID: The context's protocol doesn't support modification of highest and lowest version.$Unsupported TLS/SSL version 0x%x$Unsupported protocol version 0x%x$ssl.TLSVersion.SSLv3 is deprecated$ssl.TLSVersion.TLSv1 is deprecated$ssl.TLSVersion.TLSv1_1 is deprecated
                                                                                                                                                                                          • API String ID: 1675272777-3879554506
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_AuditErr_FreeMem_ParseSizeStringSys_Tuple_
                                                                                                                                                                                          • String ID: et:gethostbyaddr$idna$socket.gethostbyaddr$unsupported address family
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_Release$Size$Arg_BuildDeallocErr_Keywords_ParseStringTupleValue_
                                                                                                                                                                                          • String ID: nbytes is greater than the length of the buffer$negative buffersize in recvfrom_into$w*|ni:recvfrom_into
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Arg_AuditErr_FromLongLong_ParseRestoreSaveSizeStringSys_Tuple_getservbynamehtons
                                                                                                                                                                                          • String ID: service/proto not found$socket.getservbyname$s|s:getservbyname
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_H_freeThread_errno$Err_ErrnoFilenameFromHparamsM_read_ObjectPy_fopen_objR_clear_errorRestoreSaveWithX_ctrlfclose
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$CallEnsureErr_ExceptionFunction_L_get_ex_dataObjectObject_RaisedSizeState_Weakref_
                                                                                                                                                                                          • String ID: Osiiiy#$read$write
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_FromSizegetsockopt$Arg_DeallocLongLong_ParseResizeStringTuple_
                                                                                                                                                                                          • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocEval_Thread$Err_FormatSave$ArgsCallObject_RestoreStringUnicode_memcpy
                                                                                                                                                                                          • String ID: password callback must return a string$password cannot be longer than %d bytes
                                                                                                                                                                                          • API String ID: 1551476282-1265974473
                                                                                                                                                                                          • Opcode ID: 3fb003765a841b25fe9b5330b516f66650540c7cc75a5aea4a3d43b0a1885f63
                                                                                                                                                                                          • Instruction ID: 761efc593bf8e175d8c74a3f49ea7bbb377db631aa73f5b735735a2bb0af8667
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fb003765a841b25fe9b5330b516f66650540c7cc75a5aea4a3d43b0a1885f63
                                                                                                                                                                                          • Instruction Fuzzy Hash: A3214FB1A08A029EEB159FA2E95437C33B0FB64BD1F1C4431DA0D43A56DF3CE8908746
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_ArgumentErr_SizeStringUnicode_
                                                                                                                                                                                          • String ID: No cipher can be selected.$argument$embedded null character$set_ciphers$str
                                                                                                                                                                                          • API String ID: 4155279725-2765033273
                                                                                                                                                                                          • Opcode ID: 98b702244699962243b5c568d83c87f2a4625ce12441f469fd2c43cc0dd0c8b3
                                                                                                                                                                                          • Instruction ID: 9a42de893e517f6567c1bcefcadc7ac7cdef57b64bdf166a7a79d6acbe23ec93
                                                                                                                                                                                          • Opcode Fuzzy Hash: 98b702244699962243b5c568d83c87f2a4625ce12441f469fd2c43cc0dd0c8b3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 051190A0A08A4698EA04CB95E8502BD6320FF64BE1F5C4131CD1E13AA0DF3CEC85C30A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                          • Opcode ID: edd2dffeb58312717817d9a95534815d5d46ae94dbed4835cd8b920937bfe9e7
                                                                                                                                                                                          • Instruction ID: 499975a65d9f0852e438597e4a22d6cbe99b0a52b23a8398c106a8a521c9da72
                                                                                                                                                                                          • Opcode Fuzzy Hash: edd2dffeb58312717817d9a95534815d5d46ae94dbed4835cd8b920937bfe9e7
                                                                                                                                                                                          • Instruction Fuzzy Hash: B781CFA0E0C6434EFA74ABEA94413BD6290AFB57C0F4C4639D90D477A6DF7CEC45860A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                          • Opcode ID: af286a22ce1a6bda1b61a837db24d3b2e346c07a2ddf6b56baf4002088884885
                                                                                                                                                                                          • Instruction ID: e3c431e733ee366cb7419078c55698953eff96f1e82b5b7895dfe6f8fb6710a8
                                                                                                                                                                                          • Opcode Fuzzy Hash: af286a22ce1a6bda1b61a837db24d3b2e346c07a2ddf6b56baf4002088884885
                                                                                                                                                                                          • Instruction Fuzzy Hash: CA816B20E08282DFFB689FA6AC412B92690AFA57C8F546135D92D476DEDF2FE4058600
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                          • Opcode ID: f483b21f41d815f6d6d63f0a13c87fd0f68ae68320ff496c1413c579ba159f5c
                                                                                                                                                                                          • Instruction ID: f788bc8deebe0c83bb7d25a77a57bf5e62e8ec883e4fa3fe1096cbf335f06f88
                                                                                                                                                                                          • Opcode Fuzzy Hash: f483b21f41d815f6d6d63f0a13c87fd0f68ae68320ff496c1413c579ba159f5c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F81A06DE086439EFB54AB25A4432BD22F0AFA57C0F164039DA2D477DADF3CE8658300
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Module_$FromModuleSpecTypeType_$State
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1138651315-0
                                                                                                                                                                                          • Opcode ID: 41c194cb2123381f833064b9bc5af866f3cd7aef87291e84ba91c7f636b1f97e
                                                                                                                                                                                          • Instruction ID: 6f3a0618c70d8d48a4514195880c2785df052f61c3707a937ac5f3d0491f7a10
                                                                                                                                                                                          • Opcode Fuzzy Hash: 41c194cb2123381f833064b9bc5af866f3cd7aef87291e84ba91c7f636b1f97e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 66312EA5619B0389EA198F65A89036C23A0BF29BD1F0C5931CD5E07B55EF3CE815C609
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_$ArgumentErr_KeywordsL_get_finishedL_session_reusedSizeStringUnicode_Unpackstrcmp
                                                                                                                                                                                          • String ID: argument 'cb_type'$embedded null character$get_channel_binding$str$tls-unique
                                                                                                                                                                                          • API String ID: 2734880604-851902044
                                                                                                                                                                                          • Opcode ID: edcb4920d9a849ff7e982aa984b2fbf209d52d2ac9313d1a1b528e7b1d30b828
                                                                                                                                                                                          • Instruction ID: 7c04da1bb60578f64fd3d3122bd099f914ed0ffbc43e9abea2d6e0e53d6ebc9e
                                                                                                                                                                                          • Opcode Fuzzy Hash: edcb4920d9a849ff7e982aa984b2fbf209d52d2ac9313d1a1b528e7b1d30b828
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B31B3A1A09A429AEA119F95E4403BD7362BF64BD0F4C4132DE4D17BA4EF7CEC45C709
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_DeallocSizeStringTuple_$Arg_Err_FromPackParseResize
                                                                                                                                                                                          • String ID: negative buffersize in recvfrom$n|i:recvfrom
                                                                                                                                                                                          • API String ID: 3092067012-1867657612
                                                                                                                                                                                          • Opcode ID: cc238e99d0fac9a70905be5daf0240d15a5e1946d6d8ac169dca63a10d14bba3
                                                                                                                                                                                          • Instruction ID: 7cb849eb41b8f100af79d01a64f3a21b5d3aafca4417b1117181d29fa391f465
                                                                                                                                                                                          • Opcode Fuzzy Hash: cc238e99d0fac9a70905be5daf0240d15a5e1946d6d8ac169dca63a10d14bba3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A314B79A08B4299FF458F51E54126E63B2EFE8BC4F455035DA6E466A4DE3CE064C700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Arg_AuditFreeMem_ParseRestoreSaveSizeSys_Tuple_gethostbyname
                                                                                                                                                                                          • String ID: et:gethostbyname_ex$idna$socket.gethostbyname
                                                                                                                                                                                          • API String ID: 646687969-574663143
                                                                                                                                                                                          • Opcode ID: 1b740886b6738aaba9aa5bb91bedf8677015ab4b2178a898bcaa5ff613df4c82
                                                                                                                                                                                          • Instruction ID: 6d00d1f34e7c226dc4d4b9d96ef390544edf33c608def0ff6ec3811e4e2f5762
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b740886b6738aaba9aa5bb91bedf8677015ab4b2178a898bcaa5ff613df4c82
                                                                                                                                                                                          • Instruction Fuzzy Hash: BA216029618A829AFB108B12E8456AE73B0FBACBC0F460136DE6D43B98DF3CD055C700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocErr_StringX_callback_ctrl
                                                                                                                                                                                          • String ID: not a callable object$sni_callback cannot be set on TLS_CLIENT context
                                                                                                                                                                                          • API String ID: 3136334877-1539510184
                                                                                                                                                                                          • Opcode ID: 0dc9595c2e076ef87848bf5a4183be91526627b6c45a376130d24c119a3a209b
                                                                                                                                                                                          • Instruction ID: 47a69872e8ab121dad26432e76f405b9ce4ac5e26668b8bca71f0db03a87beeb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0dc9595c2e076ef87848bf5a4183be91526627b6c45a376130d24c119a3a209b
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0214FB2A08506CAEB658FA5E49077C3360FFA4BD5F985031C90D47654DF3CE856D70A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$Arg_ErrnoFromParseSizeStringTuple_inet_pton
                                                                                                                                                                                          • String ID: illegal IP address string passed to inet_pton$is:inet_pton$unknown address family
                                                                                                                                                                                          • API String ID: 907464-903159468
                                                                                                                                                                                          • Opcode ID: 22d87f233f6faa8df35de5897c5be87a73b452d0f0958e157cd9045ec02199a0
                                                                                                                                                                                          • Instruction ID: ef6359ba0627504f2bfb804e36b07814eb1856b3dd167b620f8472220d390ef1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 22d87f233f6faa8df35de5897c5be87a73b452d0f0958e157cd9045ec02199a0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9121EA3AA18942EAFB64DB15E8524BE3371FFA4BC4B924031D56E476E4DF2CE525C700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FromInternStringUnicode_$Module_State
                                                                                                                                                                                          • String ID: library$reason$verify_code$verify_message
                                                                                                                                                                                          • API String ID: 1970222510-435783180
                                                                                                                                                                                          • Opcode ID: 0a929a86ffd422639b57b4a8856d4f39a5182a950222dd5da805b21a34f2b378
                                                                                                                                                                                          • Instruction ID: 95dd04772ab00814eb963f091fba4ba4bcb4f003ef8cc0f753a4674f940baaf0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a929a86ffd422639b57b4a8856d4f39a5182a950222dd5da805b21a34f2b378
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3601B4A1916F0389FE559BA498547BC33A0AF25791F4C0535C84D463E0EF3CAD98C31A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Long$Err_FromLong_Socketclosesocket$CurrentDuplicateHandleInformationOccurredProcessWindows
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3394293678-0
                                                                                                                                                                                          • Opcode ID: 082da6a003a8518f9d547eb5d1d19433b15b0b9dd103ceec2e01dcf7ac81c47b
                                                                                                                                                                                          • Instruction ID: 7cff00bc2c9391085ecc6edfaebe10d1800cef2f8bb5c7b2813862f24d2dfcef
                                                                                                                                                                                          • Opcode Fuzzy Hash: 082da6a003a8518f9d547eb5d1d19433b15b0b9dd103ceec2e01dcf7ac81c47b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 28217929A1D64299FBA45B21AC1A37E2370BFE8BF0F050635D93E427D4DF3CE0248600
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_pushR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$P$ciphersuite_cb
                                                                                                                                                                                          • API String ID: 69574139-2656695495
                                                                                                                                                                                          • Opcode ID: 8bd2ce098569f48eb1f2f39b2204072eb6e807f436569e4bdcca165a7422d5fa
                                                                                                                                                                                          • Instruction ID: c84acdecea598b1b94a9194dad27c6d39e27aa3ce346c90d2d9811413bd8e102
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bd2ce098569f48eb1f2f39b2204072eb6e807f436569e4bdcca165a7422d5fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7511A251F0C54346F650A7A5EC523FD1261EF49BC4F900232E9ED42BEAEE1CE1048712
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623888389.00007FF8F93F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623939730.00007FF8F93F5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623955605.00007FF8F93F6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f93f0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                                                                                                                                                                          • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_L_is_init_finishedL_set_sessionN_freeString
                                                                                                                                                                                          • String ID: Cannot set session after handshake.$Cannot set session for server-side SSLSocket.$Session refers to a different SSLContext.$Value is not a SSLSession.
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                          • String ID: argument 'store_name'$embedded null character$enum_certificates$str
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_Long$Arg_Long_OccurredParse_SizeUnsignedWarnX_clear_optionsX_get_optionsX_set_options
                                                                                                                                                                                          • String ID: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_ParseSizeTuple_$Buffer_Err_ReleaseStringmemset
                                                                                                                                                                                          • String ID: _ssl._SSLSocket.read requires 1 to 2 arguments$n:read$nw*:read
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                          • String ID: argument 'store_name'$embedded null character$enum_crls$str
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SSL_is_init_finished.LIBSSL-3(?,?,00000000,00007FF8E83B929E), ref: 00007FF8E83B92D8
                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,00000000,00007FF8E83B929E), ref: 00007FF8E83B92F3
                                                                                                                                                                                          • SSL_get1_peer_certificate.LIBSSL-3(?,?,00000000,00007FF8E83B929E), ref: 00007FF8E83B9301
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_L_get1_peer_certificateL_is_init_finishedString
                                                                                                                                                                                          • String ID: handshake not done yet
                                                                                                                                                                                          • API String ID: 1333720006-2620869922
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_Err_FormatFromL_get_finishedL_get_peer_finishedL_session_reusedSizeStringstrcmp
                                                                                                                                                                                          • String ID: '%s' channel binding type not implemented$tls-unique
                                                                                                                                                                                          • API String ID: 797867279-2744131590
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time_$Err_FromSecondsString$MillisecondsObjectTimeval
                                                                                                                                                                                          • String ID: Timeout value out of range$timeout doesn't fit into C timeval
                                                                                                                                                                                          • API String ID: 4240314503-2798848688
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                          • String ID: _set_alpn_protocols$argument$contiguous buffer
                                                                                                                                                                                          • API String ID: 365628853-4024966138
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                          • String ID: argument$contiguous buffer$write
                                                                                                                                                                                          • API String ID: 365628853-2056178395
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_Releasememset
                                                                                                                                                                                          • String ID: argument$contiguous buffer$write
                                                                                                                                                                                          • API String ID: 365628853-2056178395
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PyErr_Format.PYTHON312(?,?,?,?,00000000,00007FF8E83B6B52), ref: 00007FF8E83B6BEA
                                                                                                                                                                                          • PyType_GetModule.PYTHON312(?,?,?,?,00000000,00007FF8E83B6B52), ref: 00007FF8E83B6C02
                                                                                                                                                                                          • PyModule_GetState.PYTHON312(?,?,?,?,00000000,00007FF8E83B6B52), ref: 00007FF8E83B6C10
                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,?,?,00000000,00007FF8E83B6B52), ref: 00007FF8E83B6C21
                                                                                                                                                                                          • BIO_write.LIBCRYPTO-3(?,?,?,?,00000000,00007FF8E83B6B52), ref: 00007FF8E83B6C34
                                                                                                                                                                                          • PyType_GetModuleState.PYTHON312(?,?,?,?,00000000,00007FF8E83B6B52), ref: 00007FF8E83B6C42
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B6554: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FF8E83B656C
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B6554: ERR_clear_error.LIBCRYPTO-3 ref: 00007FF8E83B6595
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_ModuleStateType_$FormatModule_O_writeR_clear_errorR_peek_last_errorString
                                                                                                                                                                                          • String ID: cannot write() after write_eof()$string longer than %d bytes
                                                                                                                                                                                          • API String ID: 11717643-118187971
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_Mem_$FormatFreeMallocMemory
                                                                                                                                                                                          • String ID: protocols longer than %u bytes
                                                                                                                                                                                          • API String ID: 2903777688-895981740
                                                                                                                                                                                          • Opcode ID: 46ee2d9bcaab9d4a1318ab5e82a59ee56cb2a210becc163321b782ec9ed80777
                                                                                                                                                                                          • Instruction ID: d06172d13f692d6bc821348baf49af8dcdd31e8bc27ad87679dadbeff3d07c8b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 46ee2d9bcaab9d4a1318ab5e82a59ee56cb2a210becc163321b782ec9ed80777
                                                                                                                                                                                          • Instruction Fuzzy Hash: D21121E5A08B02CAEB159FA6E84026C2360FB68FD5F180431CE1D47754DF3CD860C345
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$Eval_ExceptionThread$MatchesRaisedResourceRestoreSaveUnraisableWarningWriteclosesocket
                                                                                                                                                                                          • String ID: unclosed %R
                                                                                                                                                                                          • API String ID: 1660182617-2306019038
                                                                                                                                                                                          • Opcode ID: 22af9ee66539c4f4bd6f295781fecbb485c16e4539d69cf45f6a771bb75a1004
                                                                                                                                                                                          • Instruction ID: 26138f4383d674993b7828abbd38a049438b18afcff9da629f1cd71a18d1a87a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 22af9ee66539c4f4bd6f295781fecbb485c16e4539d69cf45f6a771bb75a1004
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C010929A08B42AAFB149F26A8061AD2371FB98BF4B051331DD7A437D5CF3CE465C300
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_getprotobyname
                                                                                                                                                                                          • String ID: protocol not found$s:getprotobyname
                                                                                                                                                                                          • API String ID: 862796068-630402058
                                                                                                                                                                                          • Opcode ID: 20e92bcdc5a6bf796a0c575b92b1ea2792dd02352b770ca9af741cf4e87d6f3b
                                                                                                                                                                                          • Instruction ID: b9dedcaa87cfd3babdbb17bd9e2daa82bddd4746a4556ad8896a963ddb05e403
                                                                                                                                                                                          • Opcode Fuzzy Hash: 20e92bcdc5a6bf796a0c575b92b1ea2792dd02352b770ca9af741cf4e87d6f3b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 00017129A08A42AAFB048B15E94617D73B0FFE8BC0B450035CA6E43794DF2CE464C300
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: SizeString$Arg_Bytes_Err_FromParseTuple_inet_addrstrcmp
                                                                                                                                                                                          • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                                                                                                                                                                          • API String ID: 717551241-4110412280
                                                                                                                                                                                          • Opcode ID: a384b1c18b1fe547b234f0ff0f7107c80f5dc6bad403635784b8199873b5950c
                                                                                                                                                                                          • Instruction ID: f05f6bb2f7eab3de205b64dbdd27a6f2dd8250f3e373b60d6f13be13e4a3a9e5
                                                                                                                                                                                          • Opcode Fuzzy Hash: a384b1c18b1fe547b234f0ff0f7107c80f5dc6bad403635784b8199873b5950c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 05017168A0C903A9FB509B24E8820BD23B1BFE17D0F520131D63D861F4DF2DD4698700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Buffer_ReleaseString$Arg_Err_FromParseSizeTuple_Unicode_inet_ntoa
                                                                                                                                                                                          • String ID: packed IP wrong length for inet_ntoa$y*:inet_ntoa
                                                                                                                                                                                          • API String ID: 1492101624-3027498899
                                                                                                                                                                                          • Opcode ID: f8f5bf3091dbe3635978bf27e499c0e1fb161ba99a90b4e6e94cc674fb1bf67d
                                                                                                                                                                                          • Instruction ID: f586ccba3a7f8bdcc8cd01a61500fb906cdc7b71dff65388ff246b9a6997a34d
                                                                                                                                                                                          • Opcode Fuzzy Hash: f8f5bf3091dbe3635978bf27e499c0e1fb161ba99a90b4e6e94cc674fb1bf67d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6901E539A08A42DAFB119F14E8850AD33B0FBE8BC5F550135D69E436A4DF3CD569C701
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConditionMask$Dealloc$DictDict_FromInfoModule_StringUnicode_VerifyVersion
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1463663611-0
                                                                                                                                                                                          • Opcode ID: 52014d617bdbf1a23e849bdeaec756294a92b9dcc7fe6566fb8264fe441ab811
                                                                                                                                                                                          • Instruction ID: 8fc265f9863109f2401cbfdcc4c94febc230dd5d1b54091bafdbf14fee5c88ba
                                                                                                                                                                                          • Opcode Fuzzy Hash: 52014d617bdbf1a23e849bdeaec756294a92b9dcc7fe6566fb8264fe441ab811
                                                                                                                                                                                          • Instruction Fuzzy Hash: 05319A29A09A4299FB60CB21E85A7AD73B0BBA4BD0F464139DD2E427D4DE3CE155C700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$ErrorFromLastLongclosesocket$CheckHandleInformationLong_SignalsStringWindowsmemset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 205095079-0
                                                                                                                                                                                          • Opcode ID: 8044f57bbff59e510fddc694dbc072db80b18d29190123871902c4cdcf1c7b6c
                                                                                                                                                                                          • Instruction ID: 415acab0775077651c8bc00bdfc998262888bb1781384e17be61e58e158e839c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8044f57bbff59e510fddc694dbc072db80b18d29190123871902c4cdcf1c7b6c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5041123AA08B8289FB649B21E4463BE63B4EF99BC4F064035DA5D07AD5EF3CD060C740
                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_num$DeallocFromL_get_ciphersL_get_client_ciphersL_sk_findL_sk_valueList_LongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1361062010-0
                                                                                                                                                                                          • Opcode ID: 8d43d753239fc009c9fa4859941b0b781b8b6df889e0fce9f919d93fdbde2304
                                                                                                                                                                                          • Instruction ID: fb9859b1f4242b3bf2645af9f7b575791c16e8a28c457014ba086354e8865e97
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d43d753239fc009c9fa4859941b0b781b8b6df889e0fce9f919d93fdbde2304
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78314BA1A09B4689EA598BA2A85433C73E5EF68FD2F0C0434CD4E47754EF3CEC41834A
                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_num$L_freeL_get_ciphersL_newL_sk_valueList_R_clear_errorR_peek_last_error
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 722909353-0
                                                                                                                                                                                          • Opcode ID: a82115b65af80b348c827520ac56405b23d42b3bc532ec899795097ae4e3dfd1
                                                                                                                                                                                          • Instruction ID: 190a7ea713db1620f9776bdacaef1712ac6e557658186e888aad385863685eef
                                                                                                                                                                                          • Opcode Fuzzy Hash: a82115b65af80b348c827520ac56405b23d42b3bc532ec899795097ae4e3dfd1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 36215161E19B468AEA199FA6E85527D63A4EF98FC1F0C0034DE0E87750DF3CE845C30A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
• Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition$ossl_statem_client_write_transition
                                                                                                                                                                                          • API String ID: 193678381-362363770
                                                                                                                                                                                          • Opcode ID: ebc1c5625a5d5611f4196fcf6443a3f5d9a964356a2d1512b6ac45e65ca4908f
                                                                                                                                                                                          • Instruction ID: b4945b40bbbfcada0737c4c3f8fdc58d7c2361bf8c2cc130d6214f30ae93b4b0
                                                                                                                                                                                          • Opcode Fuzzy Hash: ebc1c5625a5d5611f4196fcf6443a3f5d9a964356a2d1512b6ac45e65ca4908f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A210522F1CA4392E700D795E881BBC2361FB55BC4F548231DAAC877A5CE7DE491C702
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_$CheckErr_KeywordsLong_ModuleModule_OccurredPositionalStateType_
                                                                                                                                                                                          • String ID: _SSLContext
                                                                                                                                                                                          • API String ID: 3264916389-1468230856
                                                                                                                                                                                          • Opcode ID: 86af39d5af9c0ecb34ed31492987183d0a606428a2856f0b632152e044bff220
                                                                                                                                                                                          • Instruction ID: 98dba1bed46563def7c9ccd8556c3c3901e6d9e032bac5bd2cbaa16c70aaad9c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 86af39d5af9c0ecb34ed31492987183d0a606428a2856f0b632152e044bff220
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F2181B1B09E428AEA509BA2E9443BD63A1AF64FD0F1C4430ED1D43B65EF3CDC918309
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
• Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushR_newR_set_debugX509_
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$parse_ca_names
                                                                                                                                                                                          • API String ID: 3454744561-1744826974
                                                                                                                                                                                          • Opcode ID: d813f42771a72e9f631b7eb9756f37363fad49aecb3301005380f2ff4cc17186
                                                                                                                                                                                          • Instruction ID: 385e8d1378d94268298630262f6c8eb7fd0721fed9e1d5d0287703a2a1fa07ff
                                                                                                                                                                                          • Opcode Fuzzy Hash: d813f42771a72e9f631b7eb9756f37363fad49aecb3301005380f2ff4cc17186
                                                                                                                                                                                          • Instruction Fuzzy Hash: 76015E11B0D64364F641ABA6FC12BAF6760AF84BC4F844431EDAD03BA6EE3CE5458752
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_SizeString$Arg_DeallocErr_FromParseResizeTuple_
                                                                                                                                                                                          • String ID: negative buffersize in recv$n|i:recv
                                                                                                                                                                                          • API String ID: 1342606314-3647384195
                                                                                                                                                                                          • Opcode ID: 0a359e9a2a4ffce4983f1e799e8c5e380ad5416f7968c8d13c480c45c7984eaf
                                                                                                                                                                                          • Instruction ID: 1ac6a620abf3a35d65dd841397f30b87dad2d7d43766042da250ad8890825a1d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a359e9a2a4ffce4983f1e799e8c5e380ad5416f7968c8d13c480c45c7984eaf
                                                                                                                                                                                          • Instruction Fuzzy Hash: 13116A69A08A42DAFB158B51E8021BEA371FFA4BC4F111036D96D477E4DF7CE064C700
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: E_print_exErr_O_freeO_newO_s_memStringX509_
                                                                                                                                                                                          • String ID: failed to allocate BIO$strict
                                                                                                                                                                                          • API String ID: 220268057-2811890329
                                                                                                                                                                                          • Opcode ID: ce8e7d795a2d1df909938c6d9db439484f501b84fde87c7d8d53e79d283e6be0
                                                                                                                                                                                          • Instruction ID: 30bd5bb736132ebaa4d25f8487b3b22e14a485687f6c08de4154e070a9072325
                                                                                                                                                                                          • Opcode Fuzzy Hash: ce8e7d795a2d1df909938c6d9db439484f501b84fde87c7d8d53e79d283e6be0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C1191A1B08B5289FA149B66B80826EA360BFA9FC1F4C4031DD4D47B15DF7CE8458709
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E2A
                                                                                                                                                                                          • OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E3C
                                                                                                                                                                                          • OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E47
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E98: OBJ_obj2txt.LIBCRYPTO-3 ref: 00007FF8E83B1EDD
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E98: PyUnicode_FromStringAndSize.PYTHON312 ref: 00007FF8E83B1F03
                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E75
                                                                                                                                                                                          • PyErr_Format.PYTHON312(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B3781
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Size$BuildErr_FormatFromJ_nid2lnJ_nid2snJ_obj2nidJ_obj2txtStringUnicode_Value_
                                                                                                                                                                                          • String ID: Unknown object$issN
                                                                                                                                                                                          • API String ID: 1805764990-847857892
                                                                                                                                                                                          • Opcode ID: 054e80bbec5b983000d34ac0db1949c59197b99b208450ff4a47f4b91bd1f376
                                                                                                                                                                                          • Instruction ID: 36a6c66655438995163ad441cb02cc53e2071a507111033266832116513169a8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 054e80bbec5b983000d34ac0db1949c59197b99b208450ff4a47f4b91bd1f376
                                                                                                                                                                                          • Instruction Fuzzy Hash: 131161A5B08B5289EB149BA2E80426DB7A0FB98FD1F5C4031DE4D87725DF7CE845C709
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,00000000,00007FF8E83BABE9), ref: 00007FF8E83BAC29
                                                                                                                                                                                          • OBJ_nid2obj.LIBCRYPTO-3(?,?,00000000,00007FF8E83BABE9), ref: 00007FF8E83BAC35
                                                                                                                                                                                          • PyErr_Format.PYTHON312(?,?,00000000,00007FF8E83BABE9), ref: 00007FF8E83BAC57
                                                                                                                                                                                          • PyModule_GetState.PYTHON312(?,?,00000000,00007FF8E83BABE9), ref: 00007FF8E83BAC62
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E2A
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E3C
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E47
                                                                                                                                                                                            • Part of subcall function 00007FF8E83B1E08: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FF8E83B1DE6), ref: 00007FF8E83B1E75
                                                                                                                                                                                          • ASN1_OBJECT_free.LIBCRYPTO-3(?,?,00000000,00007FF8E83BABE9), ref: 00007FF8E83BAC79
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$BuildFormatJ_nid2lnJ_nid2objJ_nid2snJ_obj2nidModule_SizeStateStringT_freeValue_
                                                                                                                                                                                          • String ID: NID must be positive.$unknown NID %i
                                                                                                                                                                                          • API String ID: 278606715-2656559464
                                                                                                                                                                                          • Opcode ID: 144c9687f2d5b94253ad1e23c09d3f34cba6cb56be82036c91533249e1bb0322
                                                                                                                                                                                          • Instruction ID: 0366e3f3ba6eb4fd7b0d2705bb3a79530e2b1d0868c3f94a0983938e82ec19a0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 144c9687f2d5b94253ad1e23c09d3f34cba6cb56be82036c91533249e1bb0322
                                                                                                                                                                                          • Instruction Fuzzy Hash: 720184A0B0DA0389EA059BA6E85427D6361BFA8BD5F5C4030DD1E87B24DF3CEC458306
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_O_ctrlO_freeO_newO_s_memO_set_flagsString
                                                                                                                                                                                          • String ID: failed to allocate BIO
                                                                                                                                                                                          • API String ID: 68942223-3472608418
                                                                                                                                                                                          • Opcode ID: 099fc9f6f8c7202848891377e4dd8d263010b7b822cf86d06c7f12387ba925cd
                                                                                                                                                                                          • Instruction ID: 2fbfa35651dbb0a8c98294c1a2efd03e6bfd8c7dc03a4069a641b47e9ff7aa8e
                                                                                                                                                                                          • Opcode Fuzzy Hash: 099fc9f6f8c7202848891377e4dd8d263010b7b822cf86d06c7f12387ba925cd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 980140A1B08A038AEB599BA5B51437D63A1EFA9BD6F185030C95E0A751DF3CD8448305
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_DeallocErr_ParseSizeStringTuple_if_nametoindex
                                                                                                                                                                                          • String ID: O&:if_nametoindex$no interface with this name
                                                                                                                                                                                          • API String ID: 3052430728-3835682882
                                                                                                                                                                                          • Opcode ID: d7e8e3901afeb6153836810e57d43a55875c1424b01e6df1118dcd0e93bd9e3a
                                                                                                                                                                                          • Instruction ID: dfdac6dbede77c3c419fdd9ef1e04398d3e5ac562c3e3b4cb6e0fe6635ab29c3
                                                                                                                                                                                          • Opcode Fuzzy Hash: d7e8e3901afeb6153836810e57d43a55875c1424b01e6df1118dcd0e93bd9e3a
                                                                                                                                                                                          • Instruction Fuzzy Hash: B4014C79A08A0299FB549F21E8821BD33B0BFA8BC5F420535C66E822E0CE3DE474C300
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                                                                                                                                          • String ID: htons: Python int too large to convert to C 16-bit unsigned integer$htons: can't convert negative Python int to C 16-bit unsigned integer$i:htons
                                                                                                                                                                                          • API String ID: 1102113319-997571130
                                                                                                                                                                                          • Opcode ID: 36cb6b36a595338fecde009dda6759bcf69e474850c10647500bdb103871726e
                                                                                                                                                                                          • Instruction ID: fdb8029d6e3bda2ccd393330f4a602ffe0022f6e4dcf30f929b35d13cc39b2dd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 36cb6b36a595338fecde009dda6759bcf69e474850c10647500bdb103871726e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CF01D6DA0D503E9FB598B15E8921BC2370BFA8BC1F920436C52E465D0DF2CE538C720
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                                                                                                                                          • String ID: i:ntohs$ntohs: Python int too large to convert to C 16-bit unsigned integer$ntohs: can't convert negative Python int to C 16-bit unsigned integer
                                                                                                                                                                                          • API String ID: 1102113319-2476431691
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: From$StringUnicode_$DeallocLongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4201023408-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Object_$L_freeTrack
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 970091570-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_ctrlR_newR_set_debugmemcpy
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_retransmit_message
                                                                                                                                                                                          • API String ID: 152836652-3409696843
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_$ArgumentKeywordsObject_SubtypeTrueType_Unpack
                                                                                                                                                                                          • String ID: _wrap_bio$argument 'incoming'$argument 'outgoing'
                                                                                                                                                                                          • API String ID: 2315463680-586963342
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: J_obj2txt$FromMallocMem_SizeStringUnicode_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2822617359-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_N_get_id$ArgumentCallInternalmemcmp
                                                                                                                                                                                          • String ID: D:\a\1\s\Modules\_ssl.c
                                                                                                                                                                                          • API String ID: 2709062062-132925792
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Bytes_O_ctrl_pending$DeallocFromModuleO_readResizeSizeStateStringType_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3878297189-0
                                                                                                                                                                                          • Opcode ID: 9b4f5333a20a07bdaec2983bf0d842509d7bbe745861b71affe0d4671e537565
                                                                                                                                                                                          • Instruction ID: 990111043d5573b8518fe3c30cba873a56f099cedb89c22c5692dcc7be1a7ec7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b4f5333a20a07bdaec2983bf0d842509d7bbe745861b71affe0d4671e537565
                                                                                                                                                                                          • Instruction Fuzzy Hash: 962183E1B08E4286EF158BA5E85427E63A0FFA4BC5F2C8435CA0D42695FF3DEC448705
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X509_$Arg_M_clear_flagsM_get_flagsM_set_flagsParse_SizeX_get0_param
                                                                                                                                                                                          • String ID: i
                                                                                                                                                                                          • API String ID: 3791563005-2337783468
                                                                                                                                                                                          • Opcode ID: 8c595618f0c1f45cdea97cf88105313ad5ecbf2325d95aac1106c37625e801c1
                                                                                                                                                                                          • Instruction ID: c7d46b1eaabff5a894957fbc1fe9d4c8a2a21acc7cdd1a618ac2fa59a5f4250a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c595618f0c1f45cdea97cf88105313ad5ecbf2325d95aac1106c37625e801c1
                                                                                                                                                                                          • Instruction Fuzzy Hash: F011E6A5B0C7428AF7218BD2E44037E63A0BFA4BE1F084131DA4D47758DF7CE9068709
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConverterDeallocErr_FormatJ_sn2nidR_clear_errorR_peek_last_errorUnicode_X_ctrl
                                                                                                                                                                                          • String ID: unknown elliptic curve name %R
                                                                                                                                                                                          • API String ID: 3792718242-553976147
                                                                                                                                                                                          • Opcode ID: 3ffc385aee5f12f1c24036d278583834d7fb4f2257b4083ea59ea595e81ecdd6
                                                                                                                                                                                          • Instruction ID: b245d45e28e85ed165dc9bf1bd528bd5f43a55d8bd0e2bc352aa56fd82250cc6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ffc385aee5f12f1c24036d278583834d7fb4f2257b4083ea59ea595e81ecdd6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 111130F1A089469AEB14CFB5E84437DB360FBA4BD9F184031DA4D82A64DF7CD885870A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: X_set_msg_callback$Callable_CheckDeallocErr_String
                                                                                                                                                                                          • String ID: not a callable object
                                                                                                                                                                                          • API String ID: 3435843511-3332612890
                                                                                                                                                                                          • Opcode ID: 0c89d82348ef2b71303d30cf2f4c80e89d71576985ea4d9135aec353ec0dba8f
                                                                                                                                                                                          • Instruction ID: 405679963a8d81339d0b079795ae2372880a35c1601bb9abe74d92703f4f354d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c89d82348ef2b71303d30cf2f4c80e89d71576985ea4d9135aec353ec0dba8f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C113DB1A08942CAEB598FA5E94437C23A1FFA4BC5F184031CA5D87254DF3DE854830A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_Err_Parse_SizeStringX_set_num_tickets
                                                                                                                                                                                          • String ID: SSLContext is not a server context.$failed to set num tickets.$value must be non-negative
                                                                                                                                                                                          • API String ID: 2130650243-3995814857
                                                                                                                                                                                          • Opcode ID: ee5f3f4d86bb27f9d81ebcabec035fd8ee9f8ab4994f75b22a23639e76f7edee
                                                                                                                                                                                          • Instruction ID: 8d592764b7db9da8a937794d5913c2e40043395e4204989f44ec1a61b555a529
                                                                                                                                                                                          • Opcode Fuzzy Hash: ee5f3f4d86bb27f9d81ebcabec035fd8ee9f8ab4994f75b22a23639e76f7edee
                                                                                                                                                                                          • Instruction Fuzzy Hash: EF0184E0B0D60398FA258BE5E8542BD2371AF64BD1F5C4432C81E96694DF7CEC86C30A
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                                                                                                                                          • String ID: expected int, %s found
                                                                                                                                                                                          • API String ID: 3347179618-1178442907
                                                                                                                                                                                          • Opcode ID: ba94c4576414cee53bc417947cb728d11b6e1b572a3cb4c2b884d708c44e0742
                                                                                                                                                                                          • Instruction ID: e7ddbf86630ae292c0b916b16374f82c95c670fc8f7a6ecaac1eb2c550ba0684
                                                                                                                                                                                          • Opcode Fuzzy Hash: ba94c4576414cee53bc417947cb728d11b6e1b572a3cb4c2b884d708c44e0742
                                                                                                                                                                                          • Instruction Fuzzy Hash: C8F01D29A08A42EAFB589B25A88617E23B0BFA9BD5F150535D52E436D0CE2CE478C300
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                                                                                                                                          • String ID: expected int, %s found
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocInsertL_get1_peer_certificateL_get_peer_cert_chainList_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: List_$DeallocItemL_sk_numL_sk_valueX509_up_ref
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Eval_Thread$O_free_allRestoreSave
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_LongThread$Err_ErrorLastLong_OccurredRestoreSaveclosesocket
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_$ArgumentKeywordsObject_TrueUnpack
                                                                                                                                                                                          • String ID: _wrap_socket$argument 'sock'
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_$KeywordsModuleModule_PositionalStateType_
                                                                                                                                                                                          • String ID: MemoryBIO
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocErr_L_set_L_set_msg_callbackStringSubtypeType_
                                                                                                                                                                                          • String ID: The value must be a SSLContext
                                                                                                                                                                                          • API String ID: 40619448-677980480
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Buffer_ErrorLastRelease$Arg_CheckErr_FromLong_ParseSignalsSizeSsize_tTuple_
• String ID: y*|i:send
• API String ID: 3302300731-3140140677
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: DeallocErr_FormatFromModuleO_newO_s_memStateStringType_Unicode_X509_get_subject_name
• String ID: <%s '%U'>
• API String ID: 652521511-3496504151
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Capsule_DeallocPointer
• String ID: _socket.CAPI
• API String ID: 898671391-3774308389
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
• Associated: 00000002.00000002.2623888389.00007FF8F93F0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2623939730.00007FF8F93F5000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000002.00000002.2623955605.00007FF8F93F6000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f93f0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: Module_$FromInternObjectStateStringUnicode_
• String ID: close$error
• API String ID: 4029360594-371397155
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: BuildDeallocErr_ObjectSizeValue_
• String ID: (is)$host not found
• API String ID: 3413694139-3306034047
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
• Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
Similarity
• API ID: BuildDeallocErr_ObjectSizeValue_
• String ID: (is)$getaddrinfo failed
• API String ID: 3413694139-582941868
APIs
Memory Dump Source
• Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
• Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
Similarity
• API ID: DeallocModule_State
• String ID:
• API String ID: 1903735390-0
                                                                                                                                                                                          • Opcode ID: 48e5c82ff59f37f7a28ed3505f4000bd4791a6282bd26bbf0161e25cfc570e13
                                                                                                                                                                                          • Instruction ID: 3ee20434779b790e5365a8dca6e73e2dd7623868af198fe695dc063c7ae627de
                                                                                                                                                                                          • Opcode Fuzzy Hash: 48e5c82ff59f37f7a28ed3505f4000bd4791a6282bd26bbf0161e25cfc570e13
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5481EBB1A0D642CDFF798EA4C45437C32A0EB64B89F284636DA0E85195CF7DAC85D30B
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623888389.00007FF8F93F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623939730.00007FF8F93F5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623955605.00007FF8F93F6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f93f0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: List_$DeallocItem
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1559017468-0
                                                                                                                                                                                          • Opcode ID: 0510465720fbbf57f064ff2e3727586b04389ca9bb4a7a224825a4f618bb6ef6
                                                                                                                                                                                          • Instruction ID: a99468cd2c1f64c229cbcf6d5cf40419db064facbf9be5205078944dd09800bd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0510465720fbbf57f064ff2e3727586b04389ca9bb4a7a224825a4f618bb6ef6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C219E32A18782CBEB189F12E9442A973A0FB58BC8F445435CB5E83399DF3EE559C340
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CertStore$CloseOpen$Collection
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1995843185-0
                                                                                                                                                                                          • Opcode ID: 05e556a5c6e732ab5d5febe3ec543050efb8a2559cdb4e5a88676f1d48d4664a
                                                                                                                                                                                          • Instruction ID: 7738e47c8f04b186b9c5b44d276fbeb463493cfe7f548abb785b81a05d83d454
                                                                                                                                                                                          • Opcode Fuzzy Hash: 05e556a5c6e732ab5d5febe3ec543050efb8a2559cdb4e5a88676f1d48d4664a
                                                                                                                                                                                          • Instruction Fuzzy Hash: C021C272B086558AF724CFA7E8047AE6361FBA4BD0F484431DD0D03B14EF3CE9068604
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623888389.00007FF8F93F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623939730.00007FF8F93F5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623955605.00007FF8F93F6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f93f0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocModule_State
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1903735390-0
                                                                                                                                                                                          • Opcode ID: 29ba12ce9a091516bd5ec055b50f0585dfd5d964cbc4b820affa4f0832a20046
                                                                                                                                                                                          • Instruction ID: 9af9e7f9325ef12e5fde964e6780a55471ab3a9f1f32eb9d10fbab6fb055d5a8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 29ba12ce9a091516bd5ec055b50f0585dfd5d964cbc4b820affa4f0832a20046
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4321983390E6C3CEEB6D5FA4AC4437822A4AB65B9DF146030C62E862C9CF7FA4459751
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Object_$Err_L_get1_sessionL_get_sessionN_freeStringTrack
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3192219654-0
                                                                                                                                                                                          • Opcode ID: f29b1208e08be7fbbb106f73babd9452bc8dc5df8375ad44fbf59b3a7c79990c
                                                                                                                                                                                          • Instruction ID: 8e92f005130fa43ba417b9426dcdbf849e206ae84a61cf93e0b769ee173f3a32
                                                                                                                                                                                          • Opcode Fuzzy Hash: f29b1208e08be7fbbb106f73babd9452bc8dc5df8375ad44fbf59b3a7c79990c
                                                                                                                                                                                          • Instruction Fuzzy Hash: AA112861A09B428AEE658BD6E59027C23A0FFA8BC0F580434DE4E47754DF3CEC52D709
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Arg_DuplicateParseRestoreSaveSizeSocketTuple_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3898289384-0
                                                                                                                                                                                          • Opcode ID: 2ea8bfd0c8e761c45e66465940b5b2edbab2315194e04a59865b73371df5f2f7
                                                                                                                                                                                          • Instruction ID: 9578fdd47cda06e883b5f7e9f636cb4eabae105d014fbbb11f90229ca508e7f1
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ea8bfd0c8e761c45e66465940b5b2edbab2315194e04a59865b73371df5f2f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: F4113069A1978299FB209B60E44A2AE7371FFA8BD0F411132D96E037D4DF3CE0658600
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Err_Long_OccurredRestoreSaveshutdown
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 24305128-0
                                                                                                                                                                                          • Opcode ID: ab70f0809716880a260891902c4992cf86772b9ffdbb117dac050b74a4e95bf6
                                                                                                                                                                                          • Instruction ID: 3152605339098c83842fb285a85a3e8e2d03bac8ccb12e29153940ac22b1403c
                                                                                                                                                                                          • Opcode Fuzzy Hash: ab70f0809716880a260891902c4992cf86772b9ffdbb117dac050b74a4e95bf6
                                                                                                                                                                                          • Instruction Fuzzy Hash: E4016D29B087429AFB609B62B48507E6371BFA8BD0B061530DA6E437D4DF3CE4658210
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_$DecodeDefaultErrnoFromLongLong_OccurredUnicode_Unsignedif_indextoname
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2382930745-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DeallocObject_$N_freeTrack
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1683932209-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_new$R_set_debugX_new$X_free
                                                                                                                                                                                          • String ID: ..\s\ssl\t1_enc.c$tls1_change_cipher_state
                                                                                                                                                                                          • API String ID: 1274617517-2635170098
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_maxfragmentlen
                                                                                                                                                                                          • API String ID: 193678381-2570358037
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_renegotiate
                                                                                                                                                                                          • API String ID: 0-2485672351
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • PyUnicode_InternFromString.PYTHON312(?,?,00000000,00007FF8E83BA4A6), ref: 00007FF8E83BAE57
                                                                                                                                                                                          • PyUnicode_InternFromString.PYTHON312(?,?,00000000,00007FF8E83BA4A6), ref: 00007FF8E83BAE7C
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FromInternStringUnicode_
                                                                                                                                                                                          • String ID: pkcs_7_asn$x509_asn
                                                                                                                                                                                          • API String ID: 3337471625-3375957347
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_CheckErr_Long_OccurredPositional
                                                                                                                                                                                          • String ID: read
                                                                                                                                                                                          • API String ID: 3612027452-2555855207
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$tls_post_process_client_key_exchange
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatFromLongLong_RestoreSaveSignalsSys_connect
                                                                                                                                                                                          • String ID: connect_ex$socket.connect
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_StringX_get_verify_callbackX_set_verify
                                                                                                                                                                                          • String ID: invalid value for verify_mode
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: DecodeErr_O_ctrlStringUnicode_
                                                                                                                                                                                          • String ID: Not a memory BIO
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_get_versionL_is_init_finishedstrcmp
                                                                                                                                                                                          • String ID: unknown
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: String$Bytes_Err_FromO_ctrlSize
                                                                                                                                                                                          • String ID: Not a memory BIO
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • no printf formatter to display the socket descriptor in decimal, xrefs: 00007FF8F7A96777
                                                                                                                                                                                          • <socket object, fd=%ld, family=%d, type=%d, proto=%d>, xrefs: 00007FF8F7A96751
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_FormatFromStringUnicode_
                                                                                                                                                                                          • String ID: <socket object, fd=%ld, family=%d, type=%d, proto=%d>$no printf formatter to display the socket descriptor in decimal
                                                                                                                                                                                          • API String ID: 1884982852-285600062
                                                                                                                                                                                          • Opcode ID: ff9266a9ee1f81eaf94e791bbc0501b2ca49c8d8a91491c8603a5e96e663f622
                                                                                                                                                                                          • Instruction ID: cfad5a6157a9e4a5b8d1314b078519546486e72b54408f467a2be816806f4e69
                                                                                                                                                                                          • Opcode Fuzzy Hash: ff9266a9ee1f81eaf94e791bbc0501b2ca49c8d8a91491c8603a5e96e663f622
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CF01D68E085029AFF108B14D94106C3371BB64BE8F610331C93D472E0DE2CE4668B00
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(00000000,?,00000000,?,?,00007FF8E7E2401B), ref: 00007FF8E7E268C3
                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-3(00000000,?,00000000,?,?,00007FF8E7E2401B), ref: 00007FF8E7E268D6
                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-3(00000000,?,00000000,?,?,00007FF8E7E2401B), ref: 00007FF8E7E268F9
                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-3(00000000,?,00000000,?,?,00007FF8E7E2401B), ref: 00007FF8E7E2691A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: L_sk_free$L_sk_numL_sk_value
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4251522676-0
                                                                                                                                                                                          • Opcode ID: 8c218acdc074ba239923e6833bd1e70dbfceb53170d225625a95e0b5f837846f
                                                                                                                                                                                          • Instruction ID: f3d0efa32d03622c628d4e20e3a9828d96d714ef98dac89b3800ad50b11f6dfa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c218acdc074ba239923e6833bd1e70dbfceb53170d225625a95e0b5f837846f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9431C522B0C79381F61096AAE54077E66D0BB84FC0F154230EEED47BAADF3CD1418742
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$RestoreSaveTime_Timeval_clampselect
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3905867726-0
                                                                                                                                                                                          • Opcode ID: 132c99158f9a3ea89ea502ecae564c9cdf5c0a75580648827cc09a477b3f3839
                                                                                                                                                                                          • Instruction ID: 44a869ee21fe6d4962339560a0c0281b081c0f4252616e0bf75a57fc483b33af
                                                                                                                                                                                          • Opcode Fuzzy Hash: 132c99158f9a3ea89ea502ecae564c9cdf5c0a75580648827cc09a477b3f3839
                                                                                                                                                                                          • Instruction Fuzzy Hash: 973193A6A08B919AF7608F25A8456AE63B0FB997E4F520235DB7D837C4DF3CD815C700
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 18cba5ed772c5235c12ea806df6737c26389486f358591a6af130e5519bdaead
                                                                                                                                                                                          • Instruction ID: 80dcb2ab79eb1db4ad6ef5773268f63cd90e1e7296934b7af87e867f064d21e9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 18cba5ed772c5235c12ea806df6737c26389486f358591a6af130e5519bdaead
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8821E262A1DB458AEB248BA4E54036E63A0FF697A4F080631CA5D43B84DF3DE8618749
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1387529023-0
                                                                                                                                                                                          • Opcode ID: d333ced5451af9c47f1d40d52a0f7a17ea8ca670dc3e75ab6e25fc5b6f2c5c02
                                                                                                                                                                                          • Instruction ID: 743e902d50cfc29f46378587eee9aa134623422c305cd3c55d015da2a5ee088c
                                                                                                                                                                                          • Opcode Fuzzy Hash: d333ced5451af9c47f1d40d52a0f7a17ea8ca670dc3e75ab6e25fc5b6f2c5c02
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D112429A1CBC2C5FB709B51F4423AE6371FBA87C4F015132D69D17A89DE2CE155CB00
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 772546412-0
                                                                                                                                                                                          • Opcode ID: 331c56e1a5d5b6d9b8728b9afc51924fc515e080c38d2058f0a06873dd37f908
                                                                                                                                                                                          • Instruction ID: e867e833099ad9a857e5cb8dcb6520c21015505650be3d79db8e0d83af40f1bf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 331c56e1a5d5b6d9b8728b9afc51924fc515e080c38d2058f0a06873dd37f908
                                                                                                                                                                                          • Instruction Fuzzy Hash: B811242AA18BC2C6FB709B51F0423AE7371FB987C4F014532D69D17A95DE2CE155CB00
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Eval_Thread$ErrorFromL_get_errorL_pendingLastLongLong_R_clear_errorR_peek_last_errorRestoreSave_errno
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1598009871-0
                                                                                                                                                                                          • Opcode ID: bd66a484389976e2d9917da0654f251057372c2555f45b17400fb237740d253f
                                                                                                                                                                                          • Instruction ID: c0057fc5769f2ba6bf89b8b975b78ec7119b0c7bd0cfe91a6a50b2aba754e89f
                                                                                                                                                                                          • Opcode Fuzzy Hash: bd66a484389976e2d9917da0654f251057372c2555f45b17400fb237740d253f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5211A036A08B818AD710CF61E40016EA760FBA9BD4F180131EE4907B59DF3CD841C784
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623905996.00007FF8F93F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF8F93F0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623888389.00007FF8F93F0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623923815.00007FF8F93F3000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623939730.00007FF8F93F5000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623955605.00007FF8F93F6000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f93f0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: P_get_type$J_nid2snL_get_current_compression
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 142675065-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Dealloc$Eval_Thread$FreeMem_O_free_allObject_RestoreSaveTrackX_free
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3459953665-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2622720242.00007FF8E7DD0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622739542.00007FF8E7E52000.00000020.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622812197.00007FF8E7E54000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622840393.00007FF8E7E7C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E81000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E87000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2622858003.00007FF8E7E8F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: D_bytes_ex_time64
                                                                                                                                                                                          • String ID: DOWNGRD
                                                                                                                                                                                          • API String ID: 2101710396-2922851170
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 00007FF8F7A9858C: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8F7A985D0
                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF8F7A93F6E), ref: 00007FF8F7A94BFB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623538384.00007FF8F7A90000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623572075.00007FF8F7A99000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623589632.00007FF8F7AA1000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623607439.00007FF8F7AA3000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_String__stdio_common_vsscanf
                                                                                                                                                                                          • String ID: %X:%X:%X:%X:%X:%X%c$bad bluetooth address
                                                                                                                                                                                          • API String ID: 3283897942-3956635471
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_FreeMem_Parse_Size
                                                                                                                                                                                          • String ID: ascii
                                                                                                                                                                                          • API String ID: 2971325497-3510295289
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_FreeMem_Parse_Size
                                                                                                                                                                                          • String ID: ascii
                                                                                                                                                                                          • API String ID: 2971325497-3510295289
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2622739542.00007FF8E7DD1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8E7DD0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e7dd0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: O_indentO_printf
                                                                                                                                                                                          • String ID: %s (%d)
                                                                                                                                                                                          • API String ID: 1860387303-2206749211
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Arg_CheckObject_PositionalTrue
                                                                                                                                                                                          • String ID: getpeercert
                                                                                                                                                                                          • API String ID: 341638686-200429401
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623554577.00007FF8F7A91000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8F7A90000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8f7a90000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_String
                                                                                                                                                                                          • String ID: getsockaddrlen: bad family$getsockaddrlen: unknown BT protocol
                                                                                                                                                                                          • API String ID: 1450464846-3381576205
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • Cannot set verify_mode to CERT_NONE when check_hostname is enabled., xrefs: 00007FF8E83BC4EA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_String$Arg_Parse_Size
                                                                                                                                                                                          • String ID: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.
                                                                                                                                                                                          • API String ID: 1619524773-288992553
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_StringX_get_verify_mode
                                                                                                                                                                                          • String ID: invalid return value from SSL_CTX_get_verify_mode
                                                                                                                                                                                          • API String ID: 3939857436-2501269723
                                                                                                                                                                                          • Opcode ID: 847180bcdc4f8ef2f987f2602d814593e93c2d272563790b66ce044efbdd5fbb
                                                                                                                                                                                          • Instruction ID: 6b1410669e35a9c1ecb93be8ed6885e6fcf448c59bfe2c196d635845b64071ee
                                                                                                                                                                                          • Opcode Fuzzy Hash: 847180bcdc4f8ef2f987f2602d814593e93c2d272563790b66ce044efbdd5fbb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 24F030A2E1940785EB698BA5D85537C5361EF68B95F5C1431C61E8A6A0CF2CDCE2C30A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Capsule_ImportModule_State
                                                                                                                                                                                          • String ID: _socket.CAPI
                                                                                                                                                                                          • API String ID: 2652237932-3774308389
                                                                                                                                                                                          • Opcode ID: e118b4f8314f85817e636f739f28e14bac6ddd7841f31f7c252a7d122ee08299
                                                                                                                                                                                          • Instruction ID: 3372c3ccc5bac0ab822a7cdd89b7cd01bf0dc1940a6f0c1b849609e7c8164cdd
                                                                                                                                                                                          • Opcode Fuzzy Hash: e118b4f8314f85817e636f739f28e14bac6ddd7841f31f7c252a7d122ee08299
                                                                                                                                                                                          • Instruction Fuzzy Hash: E9E030B1E0A6028EEA2A8BE4945037823A0AF64B66F1C0230C91D83390DF7DEC918706
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000002.00000002.2623328947.00007FF8E83B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF8E83B0000, based on PE: true
                                                                                                                                                                                          • Associated: 00000002.00000002.2623313842.00007FF8E83B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623346655.00007FF8E83BD000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623366562.00007FF8E83D0000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623384572.00007FF8E83D1000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          • Associated: 00000002.00000002.2623409515.00007FF8E83D9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8e83b0000_Cb89Ti1Mib.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Err_Object_StringTrue
                                                                                                                                                                                          • String ID: cannot delete attribute
                                                                                                                                                                                          • API String ID: 1323943456-1747274469
                                                                                                                                                                                          • Opcode ID: deab7f47fab6be6d8ee61470021df88b765b88ecfa912c13c10eda449fabbf92
                                                                                                                                                                                          • Instruction ID: 84430b0af6c80ad4a30f464b774b69ecd6a4266d38c73d1b8f72c0985933b4b1
                                                                                                                                                                                          • Opcode Fuzzy Hash: deab7f47fab6be6d8ee61470021df88b765b88ecfa912c13c10eda449fabbf92
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3EE092E4B0850389EE298BFA985427C2351AF647E5F184231C83D8A1E4EF3C98868306