Windows Analysis Report
l4.exe

Overview

General Information

Sample name:l4.exe
Analysis ID:1577336
MD5:d68f79c459ee4ae03b76fa5ba151a41f
SHA1:bfa641085d59d58993ba98ac9ee376f898ee5f7b
SHA256:aa50c900e210abb6be7d2420d9d5ae34c66818e0491aabd141421d175211fed6
Tags:18521511316185215113209bulletproofexeuser-abus3reports
Infos:

Detection

Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • l4.exe (PID: 6672 cmdline: "C:\Users\user\Desktop\l4.exe" MD5: D68F79C459EE4AE03B76FA5BA151A41F)
    • conhost.exe (PID: 6692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • l4.exe (PID: 6608 cmdline: C:\Users\user\Desktop\l4.exe MD5: 63C4E3F9C7383D039AB4AF449372C17F)
  • l4.exe (PID: 7148 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe" MD5: D68F79C459EE4AE03B76FA5BA151A41F)
    • conhost.exe (PID: 7160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • l4.exe (PID: 5768 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe" MD5: 63C4E3F9C7383D039AB4AF449372C17F)
  • cleanup
No configs have been found
No yara matches
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe, ProcessId: 6608, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
No Suricata rule has matched

AV Detection

Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe, ReversingLabs: Detection: 63%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe, ReversingLabs: Detection: 63%
Source: l4.exe, ReversingLabs: Detection: 63%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe, Joe Sandbox ML: detected
Source: l4.exe, Joe Sandbox ML: detected
Source: l4.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: l4.exe, 00000000.00000002.3775677365.00007FF6CBA6B000.00000004.00000001.01000000.00000003.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000002.2156046797.00007FF7E43BB000.00000004.00000001.01000000.0000000C.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3780240716.00007FFE148B3000.00000002.00000001.01000000.00000008.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94C8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3778260813.00007FFDFB192000.00000002.00000001.01000000.00000005.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4817E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2151114828.00007FFDFAAE2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: l4.exe, 00000000.00000003.1942716174.0000021E947E5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47CD9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: l4.exe, 00000000.00000003.1942716174.0000021E9474D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47C41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E947E5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47CD9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: l4.exe, 00000000.00000002.3775677365.00007FF6CBA6B000.00000004.00000001.01000000.00000003.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000002.2156046797.00007FF7E43BB000.00000004.00000001.01000000.0000000C.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp
Source: global traffic, TCP traffic: 192.168.2.4:49736 -> 194.59.30.220:1336
Source: unknown, TCP traffic detected without corresponding DNS query: 194.59.30.220
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe, Code function: 2_2_00007FFE133862B4 recv, 2_2_00007FFE133862B4
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: l4.exeString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: l4.exe, l4.exe, 00000006.00000002.2150489983.00007FF7470E1000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://speleotrove.com/decimal/decarith.html
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3777597726.00007FF63D5B1000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2150489983.00007FF7470E1000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E94896000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3777597726.00007FF63D5B1000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2150489983.00007FF7470E1000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: l4.exe, l4.exe, 00000006.00000002.2150489983.00007FF7470E1000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: l4.exe, l4.exe, 00000006.00000002.2150489983.00007FF7470E1000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3775759228.00000187AFC1C000.00000004.00001000.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3777597726.00007FF63D5B1000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2149238002.000001F40255C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: l4.exeString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: l4.exeString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3777597726.00007FF63D5B1000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: l4.exeString found in binary or memory: https://json.org
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000000.1953252069.00007FF63D58C000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000002.00000002.3777464571.00007FF63D58C000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nuitka.net/info/segfault.html
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000000.1953252069.00007FF63D58C000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000002.00000002.3777464571.00007FF63D58C000.00000002.00000001.01000000.00000004.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nuitka.net/info/segfault.htmlfor
Source: l4.exeString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: l4.exe, l4.exe, 00000006.00000002.2149635646.000001F402880000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: l4.exe, 00000000.00000003.1942716174.0000021E94C8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3778260813.00007FFDFB192000.00000002.00000001.01000000.00000005.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4817E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2151114828.00007FFDFAAE2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: l4.exe, l4.exe, 00000006.00000002.2150489983.00007FF7470E1000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.ibm.com/
Source: l4.exe, 00000000.00000003.1942716174.0000021E94886000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/H
Source: l4.exe, 00000000.00000003.1942716174.0000021E94C8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779053332.00007FFDFB308000.00000008.00000001.01000000.00000005.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4817E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2151469981.00007FFDFAC59000.00000008.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: l4.exe, 00000000.00000003.1942716174.0000021E94C8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3778260813.00007FFDFB192000.00000002.00000001.01000000.00000005.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4817E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2151114828.00007FFDFAAE2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: Joe Sandbox View Dropped File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe AA50C900E210ABB6BE7D2420D9D5AE34C66818E0491AABD141421D175211FED6
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.4.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs l4.exe
Source: l4.exe, 00000000.00000002.3775677365.00007FF6CBA6B000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs l4.exe
Source: l4.exe, 00000000.00000003.1942716174.0000021E94886000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs l4.exe
Source: l4.exeBinary or memory string: OriginalFilename vs l4.exe
Source: l4.exe, 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs l4.exe
Source: l4.exe, 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs l4.exe
Source: l4.exe, 00000002.00000002.3779642753.00007FFDFB431000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs l4.exe
Source: l4.exe, 00000002.00000002.3780341109.00007FFE148B6000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA47D7A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs l4.exe
Source: l4.exe, 00000004.00000002.2156046797.00007FF7E43BB000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs l4.exe
Source: l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs l4.exe
Source: l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs l4.exe
Source: l4.exe, 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs l4.exe
Source: l4.exe, 00000006.00000002.2151708830.00007FFDFAD81000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs l4.exe
Source: l4.exe, 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs l4.exe
Source: classification engine Classification label: mal72.adwa.winEXE@8/28@0/1
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6692:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7160:120:WilError_03
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851
Source: l4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\l4.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: l4.exeBinary or memory string: Insert thousands separators into a digit string. spec is a dictionary whose keys should include 'thousands_sep' and 'grouping'; typically it's the result of parsing the format specifier using _parse_format_specifier. The min_width keyword arg
Source: l4.exe ReversingLabs: Detection: 63%
Source: l4.exeString found in binary or memory: address_list = (address *("," address)) / obs-addr-list obs-addr-list = *([CFWS] ",") address *("," [address / CFWS]) We depart from the formal grammar here by continuing to parse until the end of the input, assuming the input to be entirely
Source: l4.exeString found in binary or memory: --helpr
Source: l4.exeString found in binary or memory: helpz#use -h/--help for command line helprJ
Source: l4.exeString found in binary or memory: - conflict_handler -- String indicating how to handle conflicts - add_help -- Add a -h/-help option - allow_abbrev -- Allow long options to be abbreviated unambiguously - exit_on_error -- Determines whether or not ArgumentParser exi
Source: l4.exeString found in binary or memory: angle-addr-startr
Source: l4.exeString found in binary or memory: for more digits precision -u/--unit: set the output time unit (nsec, usec, msec, or sec) -h/--help: print this usage message and exit --: separate options from statement, use when statement starts with - statement: statement to be timed (default 'pass
Source: l4.exeString found in binary or memory: Usage: mimetypes.py [options] type Options: --help / -h -- print this message and exit --lenient / -l -- additionally search of some common, but non-standard types. --extension / -e -- guess extension instead of
Source: l4.exeString found in binary or memory: ``True`` if the address is defined as globally reachable by iana-ipv4-special-registry_ (for IPv4) or iana-ipv6-special-registry_ (for IPv6) with the following exception: For IPv4-mapped IPv6-addresses the ``is_private`` value is deter
Source: l4.exeString found in binary or memory: .rte. AIX ABI compatibility is described as guaranteed at: https://www.ibm.com/ support/knowledgecenter/en/ssw_aix_72/install/binary_compatability.html For pep425 purposes the AIX platform tag becomes: "aix-{:1x}{:1d}{:02d}-{:04d}-{}".format(v
Source: l4.exeString found in binary or memory: * For IPv4-mapped IPv6-addresses the ``is_private`` value is determined by the semantics of the underlying IPv4 addresses and the following condition holds (see :attr:`IPv6Address.ipv4_mapped`):: address.is_private == a
Source: l4.exeString found in binary or memory: Fused multiply-add. Returns self*other+third with no rounding of the intermediate product self*other. self and other are multiplied together, with no rounding of the result. The third operand is then added to the result,
Source: l4.exeString found in binary or memory: The name of the reverse DNS pointer for the IP address, e.g.: >>> ipaddress.ip_address("127.0.0.1").reverse_pointer '1.0.0.127.in-addr.arpa' >>> ipaddress.ip_address("2001:db8::1").reverse_pointer '1.0.0.0.0.0.0.
Source: l4.exeString found in binary or memory: zcUsage: %s [-n | -t | -h] url -n: open new window -t: open new tab -h, --help: show helpr"
Source: l4.exeString found in binary or memory: msg-id-startr
Source: l4.exeString found in binary or memory: no-fold-literal-startr
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe File read: C:\Users\user\Desktop\l4.exe
Source: unknown Process created: C:\Users\user\Desktop\l4.exe "C:\Users\user\Desktop\l4.exe"
Source: C:\Users\user\Desktop\l4.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\l4.exe Process created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe C:\Users\user\Desktop\l4.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Process created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe"
Source: C:\Users\user\Desktop\l4.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\l4.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exeSection loaded: python312.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Section loaded: python312.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: l4.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: l4.exe Static file information: File size 6174208 > 1048576
Source: l4.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5b3000
Source: l4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: l4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: l4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: l4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: l4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: l4.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: l4.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: l4.exe, 00000000.00000002.3775677365.00007FF6CBA6B000.00000004.00000001.01000000.00000003.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000002.2156046797.00007FF7E43BB000.00000004.00000001.01000000.0000000C.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94F1B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3780240716.00007FFE148B3000.00000002.00000001.01000000.00000008.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4840F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94C8A000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3778260813.00007FFDFB192000.00000002.00000001.01000000.00000005.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4817E000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2151114828.00007FFDFAAE2000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: l4.exe, 00000000.00000003.1942716174.0000021E947E5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47CD9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E93D13000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47207000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: l4.exe, 00000000.00000003.1942716174.0000021E9474D000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47C41000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E947E5000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47CD9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: l4.exe, 00000000.00000003.1942716174.0000021E94372000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA47866000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: l4.exe, 00000000.00000002.3775677365.00007FF6CBA6B000.00000004.00000001.01000000.00000003.sdmp, l4.exe, 00000000.00000003.1942716174.0000021E9504B000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000000.00000003.1953805371.0000021E92468000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000002.2156046797.00007FF7E43BB000.00000004.00000001.01000000.0000000C.sdmp, l4.exe, 00000004.00000003.2088356423.000001FA4853F000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000004.00000003.2095754277.000001FA45958000.00000004.00000020.00020000.00000000.sdmp
Source: l4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: l4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: l4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: l4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: l4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: vcruntime140_1.dll.0.dr Static PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
Source: l4.exe Static PE information: section name: _RDATA
Source: vcruntime140.dll.0.dr Static PE information: section name: fothk
Source: vcruntime140.dll.0.dr Static PE information: section name: _RDATA
Source: l4.exe.0.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: python312.dll.0.dr Static PE information: section name: PyRuntim
Source: l4.exe.2.dr Static PE information: section name: _RDATA
Source: l4.exe0.2.dr Static PE information: section name: _RDATA
Source: libcrypto-3.dll.4.dr Static PE information: section name: .00cfg
Source: python312.dll.4.dr Static PE information: section name: PyRuntim
Source: vcruntime140.dll.4.dr Static PE information: section name: fothk
Source: vcruntime140.dll.4.dr Static PE information: section name: _RDATA
Source: l4.exe.4.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE13219B0C push 82000085h; retn 0000h, 2_2_00007FFE13219B11
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE13339B0C push 82000085h; retn 0000h, 6_2_00007FFE13339B11
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\libcrypto-3.dll
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\vcruntime140_1.dll
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\vcruntime140.dll
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_wmi.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\unicodedata.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\python312.dll
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_lzma.pyd
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_hashlib.pyd
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\select.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_socket.pyd
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_socket.pyd
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_hashlib.pyd
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_lzma.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\select.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_decimal.pyd
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\unicodedata.pyd
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\python312.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_bz2.pyd
Source: C:\Users\user\Desktop\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_decimal.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_wmi.pyd
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_socket.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\select.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\vcruntime140_1.dll
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_socket.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_lzma.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\vcruntime140_1.dll
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_hashlib.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\select.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_decimal.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\unicodedata.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\unicodedata.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_wmi.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_bz2.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_wmi.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_decimal.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\libcrypto-3.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_lzma.pyd
Source: C:\Users\user\Desktop\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_hashlib.pyd
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe API coverage: 2.2 %
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe TID: 6980 Thread sleep count: 141 > 30
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe TID: 6980 Thread sleep time: -141000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe File Volume queried: C:\ FullSizeInformation
Source: l4.exe, 00000004.00000002.2155771797.000001FA45948000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: l4.exe, 00000002.00000002.3776421990.00000187AFFA4000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000003.2144450033.000001F4025EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000002.2149393855.000001F402600000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000003.2143519244.000001F4025EB000.00000004.00000020.00020000.00000000.sdmp, l4.exe, 00000006.00000003.2144562846.000001F4025F6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE126E3E60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE126E3E60
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE126E38A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE126E38A0
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE1321AA7C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE1321AA7C
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE1321A050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE1321A050
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE13382D70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE13382D70
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE13383328 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE13383328
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE14640AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE14640AA8
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE148B14E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFE148B14E0
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe Code function: 2_2_00007FFE148B1AA0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFE148B1AA0
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE13313E60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE13313E60
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE133138A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE133138A0
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE1333A050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE1333A050
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE1333AA7C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE1333AA7C
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE1A4C1AA0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE1A4C1AA0
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE1A4C14E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE1A4C14E0
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE1A4D2D70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE1A4D2D70
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE1A4D3328 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE1A4D3328
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe Code function: 6_2_00007FFE1A500AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE1A500AA8
Source: C:\Users\user\Desktop\l4.exe | Process created: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe C:\Users\user\Desktop\l4.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe | Process created: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe"
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Queries volume information: C:\Users\user\Desktop\l4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Queries volume information: C:\Users\user\Desktop\l4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Queries volume information: C:\Users\user\Desktop\l4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe | Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390 VolumeInformation
Source: C:\Users\user\Desktop\l4.exe | Code function: 0_2_00007FF6CBA2C0F0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6CBA2C0F0
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Code function: 2_2_00007FFE133850C0 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFE133850C0
Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | Code function: 2_2_00007FFE133860CC _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,2_2_00007FFE133860CC
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe | Code function: 6_2_00007FFE1A4D60CC _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,6_2_00007FFE1A4D60CC
Source: C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe | Code function: 6_2_00007FFE1A4D50C0 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,6_2_00007FFE1A4D50C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 12 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 12 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label
l4.exe | 63% | ReversingLabs | Win64.Trojan.Amadey
l4.exe | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe | 63% | ReversingLabs | Win64.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_decimal.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_hashlib.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_lzma.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_socket.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_wmi.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe | 5% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\libcrypto-3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\python312.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\select.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\unicodedata.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\vcruntime140.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\vcruntime140_1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_bz2.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_decimal.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_hashlib.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_lzma.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_socket.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\_wmi.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe | 5% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\libcrypto-3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\python312.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\select.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\unicodedata.pyd | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\vcruntime140.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\vcruntime140_1.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe | 63% | ReversingLabs | Win64.Trojan.Amadey
No Antivirus matches
No Antivirus matches
No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
194.59.30.220 | unknown | Germany | 30823 | COMBAHTONcombahtonGmbHDE | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577336
Start date and time: 2024-12-18 12:15:31 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: l4.exe
Detection: MAL
Classification: mal72.adwa.winEXE@8/28@0/1
EGA Information:
• Successful, ratio: 50%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.63
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target l4.exe, PID 6672 because there are no executed function
• Execution Graph export aborted for target l4.exe, PID 7148 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: l4.exe
Time | Type | Description
11:16:53 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
194.59.30.220 | client.exe | malicious | Unknown | 194.59.30.220:5000/download
194.59.30.220 | client.exe | malicious | Unknown | 194.59.30.220:5000/download
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
COMBAHTONcombahtonGmbHDE | client.exe | malicious | Unknown | 194.59.30.220
COMBAHTONcombahtonGmbHDE | client.exe | malicious | Unknown | 194.59.30.220
COMBAHTONcombahtonGmbHDE | Shipping Bill No6239999Dt09122024.PDF.jar | malicious | Caesium Obfuscator, STRRAT | 194.59.30.164
COMBAHTONcombahtonGmbHDE | Shipping Bill No6239999Dt09122024.PDF.jar | malicious | Caesium Obfuscator, STRRAT | 194.59.30.164
COMBAHTONcombahtonGmbHDE | Shipping Bill6239999 dated 13122024.PDF.jar | malicious | Caesium Obfuscator, STRRAT | 194.59.30.164
COMBAHTONcombahtonGmbHDE | Support.ClientSetup.exe | malicious | ScreenConnect Tool | 194.59.31.27
COMBAHTONcombahtonGmbHDE | Counseling_Services_Overview.docm | malicious | Unknown | 45.147.231.195
COMBAHTONcombahtonGmbHDE | Nowe zam#U00f3wienie - 0072291855.pdf (243KB).com.exe | malicious | Quasar | 194.59.31.75
COMBAHTONcombahtonGmbHDE | https://cloudserver-filesredir667900989385.s3.eu-central-1.amazonaws.com/6354799604_PDF.html | malicious | ScreenConnect Tool | 194.59.31.199
No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | client.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | client.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | fWAr4zGUkY.exe | malicious | Remcos, Amadey, Stealc
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | fbc5UlsRXq.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | 5SkF9LFhB3.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | WUD0WG3OdV.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | 98Y05R2rTb.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | aLsxeH29P2.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\_bz2.pyd | c9a6BV0eQO.exe | malicious | Unknown
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\l4.exe | fWAr4zGUkY.exe | malicious | Remcos, Amadey, Stealc
                                                              Process:C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe
                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6174208
                                                              Entropy (8bit):7.990978110457585
                                                              Encrypted:true
                                                              SSDEEP:98304:copJ0ndCADji3dh8iemrdbYOssb5+7wFADy/+sXBuVoDtnOPyz70fhhQAHHDRWfU:cc0cWjigIbCs+ZivuVoDFOKn0fPyqEvo
                                                              MD5:D68F79C459EE4AE03B76FA5BA151A41F
                                                              SHA1:BFA641085D59D58993BA98AC9EE376F898EE5F7B
                                                              SHA-256:AA50C900E210ABB6BE7D2420D9D5AE34C66818E0491AABD141421D175211FED6
                                                              SHA-512:BD4EF3E3708DF81D53B2E9050447032E8DCDCC776CF0353077310F208A30DAB8F31D6EC6769D47FB6C05C642BDD7A58FB4F93D9D28E2DE0EFC01312FBC5E391E
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                              • Antivirus: ReversingLabs, Detection: 63%
                                                              Joe Sandbox View:
                                                              • Filename: fWAr4zGUkY.exe, Detection: malicious, Browse
                                                              Reputation:low
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):85272
                                                              Entropy (8bit):6.591841805043941
                                                              Encrypted:false
                                                              SSDEEP:1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
                                                              MD5:30F396F8411274F15AC85B14B7B3CD3D
                                                              SHA1:D3921F39E193D89AA93C2677CBFB47BC1EDE949C
                                                              SHA-256:CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
                                                              SHA-512:7D997EF18E2CBC5BCA20A4730129F69A6D19ABDDA0261B06AD28AD8A2BDDCDECB12E126DF9969539216F4F51467C0FE954E4776D842E7B373FE93A8246A5CA3F
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: client.exe, Detection: malicious, Browse
                                                              • Filename: client.exe, Detection: malicious, Browse
                                                              • Filename: fWAr4zGUkY.exe, Detection: malicious, Browse
                                                              • Filename: fbc5UlsRXq.exe, Detection: malicious, Browse
                                                              • Filename: 5SkF9LFhB3.exe, Detection: malicious, Browse
                                                              • Filename: WUD0WG3OdV.exe, Detection: malicious, Browse
                                                              • Filename: 98Y05R2rTb.exe, Detection: malicious, Browse
                                                              • Filename: aLsxeH29P2.exe, Detection: malicious, Browse
                                                              • Filename: c9a6BV0eQO.exe, Detection: malicious, Browse
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):257304
                                                              Entropy (8bit):6.565831509727426
                                                              Encrypted:false
                                                              SSDEEP:6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
                                                              MD5:7AE94F5A66986CBC1A2B3C65A8D617F3
                                                              SHA1:28ABEFB1DF38514B9FFE562F82F8C77129CA3F7D
                                                              SHA-256:DA8BB3D54BBBA20D8FA6C2FD0A4389AEC80AB6BD490B0ABEF5BD65097CBC0DA4
                                                              SHA-512:FBB599270066C43B5D3A4E965FB2203B085686479AF157CD0BB0D29ED73248B6F6371C5158799F6D58B1F1199B82C01ABE418E609EA98C71C37BB40F3226D8C5
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):66328
                                                              Entropy (8bit):6.227186392528159
                                                              Encrypted:false
                                                              SSDEEP:1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
                                                              MD5:A25BC2B21B555293554D7F611EAA75EA
                                                              SHA1:A0DFD4FCFAE5B94D4471357F60569B0C18B30C17
                                                              SHA-256:43ACECDC00DD5F9A19B48FF251106C63C975C732B9A2A7B91714642F76BE074D
                                                              SHA-512:B39767C2757C65500FC4F4289CB3825333D43CB659E3B95AF4347BD2A277A7F25D18359CEDBDDE9A020C7AB57B736548C739909867CE9DE1DBD3F638F4737DC5
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):160024
                                                              Entropy (8bit):6.85410280956396
                                                              Encrypted:false
                                                              SSDEEP:3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
                                                              MD5:9E94FAC072A14CA9ED3F20292169E5B2
                                                              SHA1:1EEAC19715EA32A65641D82A380B9FA624E3CF0D
                                                              SHA-256:A46189C5BD0302029847FED934F481835CB8D06470EA3D6B97ADA7D325218A9F
                                                              SHA-512:B7B3D0F737DD3B88794F75A8A6614C6FB6B1A64398C6330A52A2680CAF7E558038470F6F3FC024CE691F6F51A852C05F7F431AC2687F4525683FF09132A0DECB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):83736
                                                              Entropy (8bit):6.3186936632343205
                                                              Encrypted:false
                                                              SSDEEP:1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
                                                              MD5:69801D1A0809C52DB984602CA2653541
                                                              SHA1:0F6E77086F049A7C12880829DE051DCBE3D66764
                                                              SHA-256:67ACA001D36F2FCE6D88DBF46863F60C0B291395B6777C22B642198F98184BA3
                                                              SHA-512:5FCE77DD567C046FEB5A13BAF55FDD8112798818D852DFECC752DAC87680CE0B89EDFBFBDAB32404CF471B70453A33F33488D3104CD82F4E0B94290E83EAE7BB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):37656
                                                              Entropy (8bit):6.340152202881265
                                                              Encrypted:false
                                                              SSDEEP:768:rUmqQhTcYr6NxO0VIMCit5YiSyv4YmAJAMxkEn:Im7GBNxO0VIMCiz7SyQYmQxz
                                                              MD5:827615EEE937880862E2F26548B91E83
                                                              SHA1:186346B816A9DE1BA69E51042FAF36F47D768B6C
                                                              SHA-256:73B7EE3156EF63D6EB7DF9900EF3D200A276DF61A70D08BD96F5906C39A3AC32
                                                              SHA-512:45114CAF2B4A7678E6B1E64D84B118FB3437232B4C0ADD345DDB6FBDA87CEBD7B5ADAD11899BDCD95DDFE83FDC3944A93674CA3D1B5F643A2963FBE709E44FB8
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6162432
                                                              Entropy (8bit):5.64790582887791
                                                              Encrypted:false
                                                              SSDEEP:98304:OSoY112XQr2fqDVS1K17UpJwIX4OzWObPPumo0:doq1QQSfqDVgX
                                                              MD5:63C4E3F9C7383D039AB4AF449372C17F
                                                              SHA1:F52FF760A098A006C41269FF73ABB633B811F18E
                                                              SHA-256:151524F6C1D1AEAC530CFD69DE15C3336043DC8EB3F5AEAA31513E24BFD7ACDD
                                                              SHA-512:DCFB4804C5569AD13E752270D13320F8769601B7092544741E35BC62A22AF363B7A5EA7C5A65132C9575540A3E689A6946110502BD0F046385B8739E81761FBF
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):5232408
                                                              Entropy (8bit):5.940072183736028
                                                              Encrypted:false
                                                              SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                              MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                              SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                              SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                              SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6927640
                                                              Entropy (8bit):5.765552513907485
                                                              Encrypted:false
                                                              SSDEEP:49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
                                                              MD5:166CC2F997CBA5FC011820E6B46E8EA7
                                                              SHA1:D6179213AFEA084F02566EA190202C752286CA1F
                                                              SHA-256:C045B57348C21F5F810BAE60654AE39490846B487378E917595F1F95438F9546
                                                              SHA-512:49D9D4DF3D7EF5737E947A56E48505A2212E05FDBCD7B83D689639728639B7FD3BE39506D7CFCB7563576EBEE879FD305370FDB203909ED9B522B894DD87AACB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):31000
                                                              Entropy (8bit):6.556986708902353
                                                              Encrypted:false
                                                              SSDEEP:384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
                                                              MD5:7C14C7BC02E47D5C8158383CB7E14124
                                                              SHA1:5EE9E5968E7B5CE9E4C53A303DAC9FC8FAF98DF3
                                                              SHA-256:00BD8BB6DEC8C291EC14C8DDFB2209D85F96DB02C7A3C39903803384FF3A65E5
                                                              SHA-512:AF70CBDD882B923013CB47545633B1147CE45C547B8202D7555043CFA77C1DEEE8A51A2BC5F93DB4E3B9CBF7818F625CA8E3B367BFFC534E26D35F475351A77C
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1138456
                                                              Entropy (8bit):5.4620027688967845
                                                              Encrypted:false
                                                              SSDEEP:12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
                                                              MD5:A8ED52A66731E78B89D3C6C6889C485D
                                                              SHA1:781E5275695ACE4A5C3AD4F2874B5E375B521638
                                                              SHA-256:BF669344D1B1C607D10304BE47D2A2FB572E043109181E2C5C1038485AF0C3D7
                                                              SHA-512:1C131911F120A4287EBF596C52DE047309E3BE6D99BC18555BD309A27E057CC895A018376AA134DF1DC13569F47C97C1A6E8872ACEDFA06930BBF2B175AF9017
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):119192
                                                              Entropy (8bit):6.6016214745004635
                                                              Encrypted:false
                                                              SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                              MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                              SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                              SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                              SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\l4.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):49528
                                                              Entropy (8bit):6.662491747506177
                                                              Encrypted:false
                                                              SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                              MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                              SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                              SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                              SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):85272
                                                              Entropy (8bit):6.591841805043941
                                                              Encrypted:false
                                                              SSDEEP:1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
                                                              MD5:30F396F8411274F15AC85B14B7B3CD3D
                                                              SHA1:D3921F39E193D89AA93C2677CBFB47BC1EDE949C
                                                              SHA-256:CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
                                                              SHA-512:7D997EF18E2CBC5BCA20A4730129F69A6D19ABDDA0261B06AD28AD8A2BDDCDECB12E126DF9969539216F4F51467C0FE954E4776D842E7B373FE93A8246A5CA3F
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):257304
                                                              Entropy (8bit):6.565831509727426
                                                              Encrypted:false
                                                              SSDEEP:6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
                                                              MD5:7AE94F5A66986CBC1A2B3C65A8D617F3
                                                              SHA1:28ABEFB1DF38514B9FFE562F82F8C77129CA3F7D
                                                              SHA-256:DA8BB3D54BBBA20D8FA6C2FD0A4389AEC80AB6BD490B0ABEF5BD65097CBC0DA4
                                                              SHA-512:FBB599270066C43B5D3A4E965FB2203B085686479AF157CD0BB0D29ED73248B6F6371C5158799F6D58B1F1199B82C01ABE418E609EA98C71C37BB40F3226D8C5
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):66328
                                                              Entropy (8bit):6.227186392528159
                                                              Encrypted:false
                                                              SSDEEP:1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
                                                              MD5:A25BC2B21B555293554D7F611EAA75EA
                                                              SHA1:A0DFD4FCFAE5B94D4471357F60569B0C18B30C17
                                                              SHA-256:43ACECDC00DD5F9A19B48FF251106C63C975C732B9A2A7B91714642F76BE074D
                                                              SHA-512:B39767C2757C65500FC4F4289CB3825333D43CB659E3B95AF4347BD2A277A7F25D18359CEDBDDE9A020C7AB57B736548C739909867CE9DE1DBD3F638F4737DC5
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):160024
                                                              Entropy (8bit):6.85410280956396
                                                              Encrypted:false
                                                              SSDEEP:3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
                                                              MD5:9E94FAC072A14CA9ED3F20292169E5B2
                                                              SHA1:1EEAC19715EA32A65641D82A380B9FA624E3CF0D
                                                              SHA-256:A46189C5BD0302029847FED934F481835CB8D06470EA3D6B97ADA7D325218A9F
                                                              SHA-512:B7B3D0F737DD3B88794F75A8A6614C6FB6B1A64398C6330A52A2680CAF7E558038470F6F3FC024CE691F6F51A852C05F7F431AC2687F4525683FF09132A0DECB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):83736
                                                              Entropy (8bit):6.3186936632343205
                                                              Encrypted:false
                                                              SSDEEP:1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
                                                              MD5:69801D1A0809C52DB984602CA2653541
                                                              SHA1:0F6E77086F049A7C12880829DE051DCBE3D66764
                                                              SHA-256:67ACA001D36F2FCE6D88DBF46863F60C0B291395B6777C22B642198F98184BA3
                                                              SHA-512:5FCE77DD567C046FEB5A13BAF55FDD8112798818D852DFECC752DAC87680CE0B89EDFBFBDAB32404CF471B70453A33F33488D3104CD82F4E0B94290E83EAE7BB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):37656
                                                              Entropy (8bit):6.340152202881265
                                                              Encrypted:false
                                                              SSDEEP:768:rUmqQhTcYr6NxO0VIMCit5YiSyv4YmAJAMxkEn:Im7GBNxO0VIMCiz7SyQYmQxz
                                                              MD5:827615EEE937880862E2F26548B91E83
                                                              SHA1:186346B816A9DE1BA69E51042FAF36F47D768B6C
                                                              SHA-256:73B7EE3156EF63D6EB7DF9900EF3D200A276DF61A70D08BD96F5906C39A3AC32
                                                              SHA-512:45114CAF2B4A7678E6B1E64D84B118FB3437232B4C0ADD345DDB6FBDA87CEBD7B5ADAD11899BDCD95DDFE83FDC3944A93674CA3D1B5F643A2963FBE709E44FB8
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6162432
                                                              Entropy (8bit):5.64790582887791
                                                              Encrypted:false
                                                              SSDEEP:98304:OSoY112XQr2fqDVS1K17UpJwIX4OzWObPPumo0:doq1QQSfqDVgX
                                                              MD5:63C4E3F9C7383D039AB4AF449372C17F
                                                              SHA1:F52FF760A098A006C41269FF73ABB633B811F18E
                                                              SHA-256:151524F6C1D1AEAC530CFD69DE15C3336043DC8EB3F5AEAA31513E24BFD7ACDD
                                                              SHA-512:DCFB4804C5569AD13E752270D13320F8769601B7092544741E35BC62A22AF363B7A5EA7C5A65132C9575540A3E689A6946110502BD0F046385B8739E81761FBF
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):5232408
                                                              Entropy (8bit):5.940072183736028
                                                              Encrypted:false
                                                              SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                              MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                              SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                              SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                              SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6927640
                                                              Entropy (8bit):5.765552513907485
                                                              Encrypted:false
                                                              SSDEEP:49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
                                                              MD5:166CC2F997CBA5FC011820E6B46E8EA7
                                                              SHA1:D6179213AFEA084F02566EA190202C752286CA1F
                                                              SHA-256:C045B57348C21F5F810BAE60654AE39490846B487378E917595F1F95438F9546
                                                              SHA-512:49D9D4DF3D7EF5737E947A56E48505A2212E05FDBCD7B83D689639728639B7FD3BE39506D7CFCB7563576EBEE879FD305370FDB203909ED9B522B894DD87AACB
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):31000
                                                              Entropy (8bit):6.556986708902353
                                                              Encrypted:false
                                                              SSDEEP:384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
                                                              MD5:7C14C7BC02E47D5C8158383CB7E14124
                                                              SHA1:5EE9E5968E7B5CE9E4C53A303DAC9FC8FAF98DF3
                                                              SHA-256:00BD8BB6DEC8C291EC14C8DDFB2209D85F96DB02C7A3C39903803384FF3A65E5
                                                              SHA-512:AF70CBDD882B923013CB47545633B1147CE45C547B8202D7555043CFA77C1DEEE8A51A2BC5F93DB4E3B9CBF7818F625CA8E3B367BFFC534E26D35F475351A77C
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1138456
                                                              Entropy (8bit):5.4620027688967845
                                                              Encrypted:false
                                                              SSDEEP:12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
                                                              MD5:A8ED52A66731E78B89D3C6C6889C485D
                                                              SHA1:781E5275695ACE4A5C3AD4F2874B5E375B521638
                                                              SHA-256:BF669344D1B1C607D10304BE47D2A2FB572E043109181E2C5C1038485AF0C3D7
                                                              SHA-512:1C131911F120A4287EBF596C52DE047309E3BE6D99BC18555BD309A27E057CC895A018376AA134DF1DC13569F47C97C1A6E8872ACEDFA06930BBF2B175AF9017
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):119192
                                                              Entropy (8bit):6.6016214745004635
                                                              Encrypted:false
                                                              SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                              MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                              SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                              SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                              SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):49528
                                                              Entropy (8bit):6.662491747506177
                                                              Encrypted:false
                                                              SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                              MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                              SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                              SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                              SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe
                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6174208
                                                              Entropy (8bit):7.990978110457585
                                                              Encrypted:true
                                                              SSDEEP:98304:copJ0ndCADji3dh8iemrdbYOssb5+7wFADy/+sXBuVoDtnOPyz70fhhQAHHDRWfU:cc0cWjigIbCs+ZivuVoDFOKn0fPyqEvo
                                                              MD5:D68F79C459EE4AE03B76FA5BA151A41F
                                                              SHA1:BFA641085D59D58993BA98AC9EE376F898EE5F7B
                                                              SHA-256:AA50C900E210ABB6BE7D2420D9D5AE34C66818E0491AABD141421D175211FED6
                                                              SHA-512:BD4EF3E3708DF81D53B2E9050447032E8DCDCC776CF0353077310F208A30DAB8F31D6EC6769D47FB6C05C642BDD7A58FB4F93D9D28E2DE0EFC01312FBC5E391E
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 63%
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........jO..jO..jO..!7..lO..!7...O..!7..`O..jO..kO..l...hO..l...BO..l...zO..l...{O..!7..oO..jO...O......kO......kO..RichjO..................PE..d...O.Xg.........."....&.....,\................@..............................`...........`.....................................................<....p..X/[..@..T.............`.....`............................... ...@............ ...............................text...P........................... ..`.rdata....... ......................@..@.data...pN..........................@....pdata..T....@......................@..@_RDATA.......`......................@..@.rsrc...X/[..p...0[.................@..@.reloc........`.......^.............@..B................................................................................................................................................................................................
                                                              File type:PE32+ executable (console) x86-64, for MS Windows
                                                              Entropy (8bit):7.990978110457585
                                                              TrID:
                                                              • Win64 Executable Console (202006/5) 92.65%
                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                              • DOS Executable Generic (2002/1) 0.92%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:l4.exe
                                                              File size:6'174'208 bytes
                                                              MD5:d68f79c459ee4ae03b76fa5ba151a41f
                                                              SHA1:bfa641085d59d58993ba98ac9ee376f898ee5f7b
                                                              SHA256:aa50c900e210abb6be7d2420d9d5ae34c66818e0491aabd141421d175211fed6
                                                              SHA512:bd4ef3e3708df81d53b2e9050447032e8dcdcc776cf0353077310f208a30dab8f31d6ec6769d47fb6c05c642bdd7a58fb4f93d9d28e2de0efc01312fbc5e391e
                                                              SSDEEP:98304:copJ0ndCADji3dh8iemrdbYOssb5+7wFADy/+sXBuVoDtnOPyz70fhhQAHHDRWfU:cc0cWjigIbCs+ZivuVoDFOKn0fPyqEvo
                                                              TLSH:8E56335AF26140FCE71B62B49CAA0363F9B7785913019BDF52707A669F337C11A2A331
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........jO..jO..jO..!7..lO..!7...O..!7..`O..jO..kO..l...hO..l...BO..l...zO..l...{O..!7..oO..jO...O......kO......kO..RichjO.........
                                                              Icon Hash:90cececece8e8eb0
                                                              Entrypoint:0x14000be9c
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x140000000
                                                              Subsystem:windows cui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x6758824F [Tue Dec 10 18:02:55 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:8e3dad4d4ea6736338bcc4aca7b446c9
                                                              Instruction
                                                              dec eax
                                                              sub esp, 28h
                                                              call 00007F6074D777B0h
                                                              dec eax
                                                              add esp, 28h
                                                              jmp 00007F6074D773D7h
                                                              int3
                                                              int3
                                                              dec eax
                                                              sub esp, 28h
                                                              call 00007F6074D77CF0h
                                                              test eax, eax
                                                              je 00007F6074D77583h
                                                              dec eax
                                                              mov eax, dword ptr [00000030h]
                                                              dec eax
                                                              mov ecx, dword ptr [eax+08h]
                                                              jmp 00007F6074D77567h
                                                              dec eax
                                                              cmp ecx, eax
                                                              je 00007F6074D77576h
                                                              xor eax, eax
                                                              dec eax
                                                              cmpxchg dword ptr [0002419Ch], ecx
                                                              jne 00007F6074D77550h
                                                              xor al, al
                                                              dec eax
                                                              add esp, 28h
                                                              ret
                                                              mov al, 01h
                                                              jmp 00007F6074D77559h
                                                              int3
                                                              int3
                                                              int3
                                                              dec eax
                                                              sub esp, 28h
                                                              test ecx, ecx
                                                              jne 00007F6074D77569h
                                                              mov byte ptr [00024185h], 00000001h
                                                              call 00007F6074D77AFDh
                                                              call 00007F6074D77F40h
                                                              test al, al
                                                              jne 00007F6074D77566h
                                                              xor al, al
                                                              jmp 00007F6074D77576h
                                                              call 00007F6074D7FE1Bh
                                                              test al, al
                                                              jne 00007F6074D7756Bh
                                                              xor ecx, ecx
                                                              call 00007F6074D77F50h
                                                              jmp 00007F6074D7754Ch
                                                              mov al, 01h
                                                              dec eax
                                                              add esp, 28h
                                                              ret
                                                              int3
                                                              int3
                                                              inc eax
                                                              push ebx
                                                              dec eax
                                                              sub esp, 20h
                                                              cmp byte ptr [0002414Ch], 00000000h
                                                              mov ebx, ecx
                                                              jne 00007F6074D775C9h
                                                              cmp ecx, 01h
                                                              jnbe 00007F6074D775CCh
                                                              call 00007F6074D77C66h
                                                              test eax, eax
                                                              je 00007F6074D7758Ah
                                                              test ebx, ebx
                                                              jne 00007F6074D77586h
                                                              dec eax
                                                              lea ecx, dword ptr [00024136h]
                                                              call 00007F6074D7FC3Ah
                                                              test eax, eax
                                                              jne 00007F6074D77572h
                                                              dec eax
                                                              lea ecx, dword ptr [0002413Eh]
                                                              call 00007F6074D7762Ah
                                                              Name | Virtual Address | Virtual Size | Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e0fc | 0x3c | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x5b2f58 | .rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x54000 | 0x1854 | .pdata
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x60a000 | 0x688 | .reloc
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2bf60 | 0x1c | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2be20 | 0x140 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x22000 | 0x2e0 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                              .text | 0x1000 | 0x20450 | 0x20600 | d5881c799223a7c43227753af4dfb945 | False | 0.5567084942084942 | data | 6.520018060774394 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                              .rdata | 0x22000 | 0xcab0 | 0xcc00 | 0e51738cb3a1352b016ad756319571fc | False | 0.47909007352941174 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.144088628907143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data | 0x2f000 | 0x24e70 | 0xc00 | 6d8f02b8aab3664e63abe84f259bc1c7 | False | 0.13802083333333334 | data | 1.9439948621662484 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .pdata | 0x54000 | 0x1854 | 0x1a00 | 2939e1273090608fed331aea22bcb0fd | False | 0.45703125 | PEX Binary Archive | 5.057262605805601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              _RDATA | 0x56000 | 0x1f4 | 0x200 | 3bbe165281ec2be875b71c5ef5761cf3 | False | 0.525390625 | data | 3.671095801963117 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .rsrc | 0x57000 | 0x5b2f58 | 0x5b3000 | d805cd73a079d91d788f02c118c10a48 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .reloc | 0x60a000 | 0x688 | 0x800 | fd808e45828696952605c6bce78bb2f4 | False | 0.5126953125 | data | 4.934942496146745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                              RT_RCDATA | 0x570a0 | 0x5b2ac0 | data | | | 0.9976177215576172
                                                              RT_MANIFEST | 0x609b60 | 0x3f8 | ASCII text, with very long lines (1016), with no line terminators | | | 0.4655511811023622
                                                              DLL | Import
                                                              SHELL32.dll | SHFileOperationW, SHGetFolderPathW, CommandLineToArgvW
                                                              KERNEL32.dll | SetLastError, WriteConsoleW, HeapReAlloc, CreateDirectoryW, SizeofResource, SetConsoleCtrlHandler, GetCommandLineW, GetStdHandle, WriteFile, TerminateProcess, GetModuleFileNameW, SetEnvironmentVariableW, GetTempPathW, FindResourceA, WaitForSingleObject, CreateFileW, GetFileAttributesW, Sleep, GetLastError, LockResource, CloseHandle, LoadResource, GetProcAddress, GetCurrentProcessId, CreateProcessW, WideCharToMultiByte, GetSystemTimeAsFileTime, FormatMessageA, GetExitCodeProcess, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, HeapSize, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapAlloc, MultiByteToWideChar, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, GetProcessHeap, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx
                                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Dec 18, 2024 12:19:25.565502882 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:25.565860033 CET497361336192.168.2.4194.59.30.220
                                                              Dec 18, 2024 12:19:25.685421944 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:31.023541927 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:31.040535927 CET497361336192.168.2.4194.59.30.220
                                                              Dec 18, 2024 12:19:31.160294056 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:36.484811068 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:36.485816956 CET497361336192.168.2.4194.59.30.220
                                                              Dec 18, 2024 12:19:36.605432987 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:41.937901020 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:41.938232899 CET497361336192.168.2.4194.59.30.220
                                                              Dec 18, 2024 12:19:42.061851978 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:47.413461924 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:47.413774967 CET497361336192.168.2.4194.59.30.220
                                                              Dec 18, 2024 12:19:47.533518076 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:52.862473011 CET133649736194.59.30.220192.168.2.4
                                                              Dec 18, 2024 12:19:52.862641096 CET497361336192.168.2.4194.59.30.220
                                                              Dec 18, 2024 12:19:52.983546972 CET133649736194.59.30.220192.168.2.4

                                                              Target ID:0
                                                              Start time:06:16:47
                                                              Start date:18/12/2024
                                                              Path:C:\Users\user\Desktop\l4.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\l4.exe"
                                                              Imagebase:0x7ff6cba20000
                                                              File size:6'174'208 bytes
                                                              MD5 hash:D68F79C459EE4AE03B76FA5BA151A41F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:false

                                                              Target ID:1
                                                              Start time:06:16:48
                                                              Start date:18/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:2
                                                              Start time:06:16:50
                                                              Start date:18/12/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\onefile_6672_133789942081684851\l4.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Users\user\Desktop\l4.exe
                                                              Imagebase:0x7ff63d540000
                                                              File size:6'162'432 bytes
                                                              MD5 hash:63C4E3F9C7383D039AB4AF449372C17F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 5%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:false

                                                              Target ID:4
                                                              Start time:06:17:02
                                                              Start date:18/12/2024
                                                              Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe"
                                                              Imagebase:0x7ff7e4370000
                                                              File size:6'174'208 bytes
                                                              MD5 hash:D68F79C459EE4AE03B76FA5BA151A41F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 63%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:06:17:02
                                                              Start date:18/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:6
                                                              Start time:06:17:04
                                                              Start date:18/12/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\onefile_7148_133789942223114390\l4.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l4.exe"
                                                              Imagebase:0x7ff747070000
                                                              File size:6'162'432 bytes
                                                              MD5 hash:63C4E3F9C7383D039AB4AF449372C17F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Antivirus matches:
                                                              • Detection: 5%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:true

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.3775552060.00007FF6CBA21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CBA20000, based on PE: true
                                                                • Associated: 00000000.00000002.3775525440.00007FF6CBA20000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.3775645372.00007FF6CBA42000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.3775677365.00007FF6CBA4F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.3775677365.00007FF6CBA61000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.3775677365.00007FF6CBA6B000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.3775771952.00007FF6CBA74000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff6cba20000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: e5452eedf9582e092569b7414b2f17c91349fbc22d9af30a0b797327307e927a
                                                                • Instruction ID: 867643fe84231fcb2597af532abe68339d5482b14dd33be42813efca33b4562f
                                                                • Opcode Fuzzy Hash: e5452eedf9582e092569b7414b2f17c91349fbc22d9af30a0b797327307e927a
                                                                • Instruction Fuzzy Hash: D8115E22B14F119AEB00CFA0E8442B833A4FB5D759F042E31EAAD837A4EF38D1548740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Module_$Constant$String$Object$Err_$ConditionFromMask$DeallocException$Capsule_DictDict_ExitFormatInfoLongLong_MallocMem_MemoryMetaclassStartupTypeType_Unicode_UnsignedVerifyVersionmemset
                                                                • String ID: 00000000-0000-0000-0000-000000000000$00:00:00:00:00:00$00:00:00:FF:FF:FF$90DB8B89-0D35-4F79-8CE9-49EA0AC8B7CD$A42E7CDA-D03F-480C-9CC2-A4DE20ABB878$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_HYPERV$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$E0E16197-DD56-4A10-9195-5EE7A155A838$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$HVSOCKET_ADDRESS_FLAG_PASSTHRU$HVSOCKET_CONNECTED_SUSPEND$HVSOCKET_CONNECT_TIMEOUT$HVSOCKET_CONNECT_TIMEOUT_MAX$HV_GUID_BROADCAST$HV_GUID_CHILDREN$HV_GUID_LOOPBACK$HV_GUID_PARENT$HV_GUID_WILDCARD$HV_GUID_ZERO$HV_PROTOCOL_RAW$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_ADD_SOURCE_MEMBERSHIP$IP_BLOCK_SOURCE$IP_DROP_MEMBERSHIP$IP_DROP_SOURCE_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_PKTINFO$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$IP_UNBLOCK_SOURCE$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$
NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket.gaierror$socket.herror$timeout
                                                                • API String ID: 1196102948-1188461360
                                                                • Opcode ID: 0fb31f2eee656220925b4e47e62874025d6cd115870c459d51081d29a567eca9
                                                                • Instruction ID: 7c242d5149c34758ba6680376f24d2334e20d1b52a678b3ab8ebd234e91332be
                                                                • Opcode Fuzzy Hash: 0fb31f2eee656220925b4e47e62874025d6cd115870c459d51081d29a567eca9
                                                                • Instruction Fuzzy Hash: C5D2CB60F08E135AFB108B27AC5026816547F65BE1F8056F9C93FA6E74EF6DE285C348

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: recv
                                                                • String ID:
                                                                • API String ID: 1507349165-0
                                                                • Opcode ID: a704ae423db7ff80c5d8b78b9383ad9a6b728f341f5aa79d46b21ad35153d223
                                                                • Instruction ID: ed37d0bd6d4ad7d2ad93581b080bdc0e5da90ff5991ca2953f2217c4ecbd76ea
                                                                • Opcode Fuzzy Hash: a704ae423db7ff80c5d8b78b9383ad9a6b728f341f5aa79d46b21ad35153d223
                                                                • Instruction Fuzzy Hash: D8E04FF2A10A4982D7145B56E0402687360F719FB4F245761CA3C1B7E0DE38D4E1C740

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_$ErrorFormatFromHandleInformationLastLong_ModuleOccurredStringType_Windowsclosesocketgetsocknamegetsockoptmemset
                                                                • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                                                • API String ID: 3363282672-2881308447
                                                                • Opcode ID: 4cb0448f202c41487222ee5ef5d738bee55fded3baec7f269166aa18e43a2a4b
                                                                • Instruction ID: 3bf32595cf3be18fe177f490ea6c67b0aba13e4fb4b3570e4e9d6e801dfb3c2c
                                                                • Opcode Fuzzy Hash: 4cb0448f202c41487222ee5ef5d738bee55fded3baec7f269166aa18e43a2a4b
                                                                • Instruction Fuzzy Hash: D1B15362A08E8586F6108F2AD4042BD6360FBA5BB4F1453B5DE6D63AF5DF3CE5C48704

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Eval_Thread$Err_$CheckDeadline_RestoreSaveSignals$InitStringTime_Timeval_clampselect
                                                                • String ID: timed out
                                                                • API String ID: 497267021-3163636755
                                                                • Opcode ID: e8d612662e15c7c42ff97858117ad99e66a695495dedd8023d3accc3127b9541
                                                                • Instruction ID: 48cb3709f351d9dfd4edb89643f6b09cad85ea6c693fbe93d0354d5237c8858f
                                                                • Opcode Fuzzy Hash: e8d612662e15c7c42ff97858117ad99e66a695495dedd8023d3accc3127b9541
                                                                • Instruction Fuzzy Hash: 71414B21E09E42CEFA615B67A44437D6290AF64B75F1443F0CD6E62EF8DF7CA8C58608

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                                                • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                                                • API String ID: 418579395-1608436615
                                                                • Opcode ID: e5620e990f8220b448d5b59fe45baab9dc0f6dbd4740d24abe31777b74632af3
                                                                • Instruction ID: 291bac0d470fd77d1fdc1625816bf06f360a707bd18431fb0775cf4b84713b98
                                                                • Opcode Fuzzy Hash: e5620e990f8220b448d5b59fe45baab9dc0f6dbd4740d24abe31777b74632af3
                                                                • Instruction Fuzzy Hash: 7541CC31608E869AEB208F16E4446AD7360FB98BA4F5002B1DA6D53B74DF7CD589C748

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Eval_Thread$CheckErr_RestoreSaveSignalsconnect
                                                                • String ID: 3'
                                                                • API String ID: 4284410693-280543908
                                                                • Opcode ID: ed0aa6f5daee608154e3db044a1abba8314d7115e20110d062241df6d74eb585
                                                                • Instruction ID: 38b870e79be53713e39a28f7d37d99c95035d1f2d1070e6497b928704db0a7ce
                                                                • Opcode Fuzzy Hash: ed0aa6f5daee608154e3db044a1abba8314d7115e20110d062241df6d74eb585
                                                                • Instruction Fuzzy Hash: 2B310121B09F428AE7605F67A54457D6690AF64BA4F0403F9EA6E73FB5DF3CE4C08608

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Bytes_SizeString$Arg_DeallocErr_FromParseResizeTuple_
                                                                • String ID: negative buffersize in recv$n|i:recv
                                                                • API String ID: 1342606314-3647384195
                                                                • Opcode ID: 29fb8dffb30c6af5d72d23fc4fc4b8e2e26d01538630a85b1ae85e9e50577ef5
                                                                • Instruction ID: 8fbc1f0cec45afd6f3e7fe18afbe4573494669f23eec432afb1bcafca86b5e0f
                                                                • Opcode Fuzzy Hash: 29fb8dffb30c6af5d72d23fc4fc4b8e2e26d01538630a85b1ae85e9e50577ef5
                                                                • Instruction Fuzzy Hash: E0115E71B08E428AEE118B66E44417DA361FFA4BB4F4002F2DA9D66BB5DF7CE184D704

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                • String ID:
                                                                • API String ID: 591546834-0
                                                                • Opcode ID: eaa410074ab6af26ceaef7c7596cb67db9cb42dc3dbf0cc41afd0b861dd1535a
                                                                • Instruction ID: 289951218b588f809d02b93e6d2ad28f5bd3746ec9a0c47f2863025c6d2c65f3
                                                                • Opcode Fuzzy Hash: eaa410074ab6af26ceaef7c7596cb67db9cb42dc3dbf0cc41afd0b861dd1535a
                                                                • Instruction Fuzzy Hash: DD417461A19E418AFE529B23A4843BC2290BF24BB4F1447B5DD6E63FE4DF3CE4C58244

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_ErrorLastRelease$Arg_CheckErr_FromLong_ParseSignalsSizeSsize_tTuple_
                                                                • String ID: y*|i:send
                                                                • API String ID: 3302300731-3140140677
                                                                • Opcode ID: 95aff07904a5713212a361be42d32b99a9b670a8c5ed14225624f7d16d8b4274
                                                                • Instruction ID: ad35c5fca2bf9e547c16f89abaf54bc35e7c767185dea367f4e49a85fdf4d8ea
                                                                • Opcode Fuzzy Hash: 95aff07904a5713212a361be42d32b99a9b670a8c5ed14225624f7d16d8b4274
                                                                • Instruction Fuzzy Hash: 3E114C71608F458AE710CF66E4443AE73A0FB98BA4F5002B2DA9D93B64DF3DD584CB54

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00007FFE13383DD0: PyErr_Format.PYTHON312 ref: 00007FFE13384154
                                                                • PySys_Audit.PYTHON312 ref: 00007FFE133853FC
                                                                  • Part of subcall function 00007FFE13384484: PyEval_SaveThread.PYTHON312 ref: 00007FFE133844A2
                                                                  • Part of subcall function 00007FFE13384484: connect.WS2_32 ref: 00007FFE133844B5
                                                                  • Part of subcall function 00007FFE13384484: PyEval_RestoreThread.PYTHON312 ref: 00007FFE133844C0
                                                                  • Part of subcall function 00007FFE13384484: WSAGetLastError.WS2_32 ref: 00007FFE133844CE
                                                                  • Part of subcall function 00007FFE13384484: WSAGetLastError.WS2_32 ref: 00007FFE133844DA
                                                                  • Part of subcall function 00007FFE13384484: PyErr_CheckSignals.PYTHON312 ref: 00007FFE133844E7
                                                                  • Part of subcall function 00007FFE13384484: WSASetLastError.WS2_32 ref: 00007FFE13384501
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                • String ID: connect$socket.connect
                                                                • API String ID: 2206401578-326844852
                                                                • Opcode ID: f61d2d1e51494460e737621043c48afaf6b2b37121598ef846ec6ce56cffa346
                                                                • Instruction ID: 19f6647489cee3043191d1df0bdc88b2053e1fe86a5c55d746ef3bf01281220c
                                                                • Opcode Fuzzy Hash: f61d2d1e51494460e737621043c48afaf6b2b37121598ef846ec6ce56cffa346
                                                                • Instruction Fuzzy Hash: 81113C21708E82C9F7209B23F4407AA6360BF647A4F4012B2DA6D67F69DE2DE185C704

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: send
                                                                • String ID:
                                                                • API String ID: 2809346765-0
                                                                • Opcode ID: 857e2324bf16085a4ea68c05b138027c44fdbe11cde1698f6f4c9787cdbcdc49
                                                                • Instruction ID: 0e24fcf9ddc0637d839c5c3a9703ff150ee0b936d50e69c30d76812901407daa
                                                                • Opcode Fuzzy Hash: 857e2324bf16085a4ea68c05b138027c44fdbe11cde1698f6f4c9787cdbcdc49
                                                                • Instruction Fuzzy Hash: 39E04FF2E14A4586DB145B56E0442687360F719FB4F645765CA3C1B7E0DE38D5E1C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: /$[thunk]:$`adjustor{$`local static destructor helper'$`template static data member constructor helper'$`template static data member destructor helper'$`vtordispex{$`vtordisp{$extern "C" $private: $protected: $public: $static $virtual $}'
                                                                • API String ID: 2943138195-2884338863
                                                                • Opcode ID: 56dc94c5f41340d16c6edc1287401ab50ded08e4b4e6c94f8377b7fc15cbe44a
                                                                • Instruction ID: 4a9d08d47207fa2c23d52f0a3a30a32c7a3970db8a4d2be349f97dfe915778c3
                                                                • Opcode Fuzzy Hash: 56dc94c5f41340d16c6edc1287401ab50ded08e4b4e6c94f8377b7fc15cbe44a
                                                                • Instruction Fuzzy Hash: 8EA2A572A18FC686EB408B15E4C01EE77A0FB86368F545175EA8D43BA9DF7CD548CB80
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: memset$__acrt_iob_func
                                                                • String ID: %d in block, %d after MTF & 1-2 coding, %d+2 syms in use$ bytes: mapping %d, $ initial group %d, [%d .. %d], has %d syms (%4.1f%%)$ pass %d: size is %d, grp uses are $%d $code lengths %d, $codes %d$selectors %d,
                                                                • API String ID: 2663462942-2674272606
                                                                • Opcode ID: fddf6da674a9559637942c02094f43c67222fa0e889a8864347ceb34b5a778ed
                                                                • Instruction ID: 5101cc29640349fa47a8cec74a43e016f9240d937e63eaa18375a0bb4bad41f1
                                                                • Opcode Fuzzy Hash: fddf6da674a9559637942c02094f43c67222fa0e889a8864347ceb34b5a778ed
                                                                • Instruction Fuzzy Hash: 7E23D072A256E18ADB20CF2AD548BEC3774FB58B5CF010266DF4D177A6DB38A494CB10
                                                                APIs
                                                                • WSAGetLastError.WS2_32 ref: 00007FFE13383B4A
                                                                  • Part of subcall function 00007FFE13384B14: _Py_BuildValue_SizeT.PYTHON312(?,?,?,00007FFE13383B5A), ref: 00007FFE13384B2F
                                                                  • Part of subcall function 00007FFE13384B14: PyErr_SetObject.PYTHON312(?,?,?,00007FFE13383B5A), ref: 00007FFE13384B44
                                                                  • Part of subcall function 00007FFE13384B14: _Py_Dealloc.PYTHON312(?,?,?,00007FFE13383B5A), ref: 00007FFE13384B58
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE13383B6E
                                                                • PyErr_SetFromErrno.PYTHON312 ref: 00007FFE13383B84
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$BuildDeallocErrnoErrorFromLastObjectSizeValue__errno
                                                                • String ID: NOO$surrogatepass$unsupported address family
                                                                • API String ID: 316901363-472101058
                                                                • Opcode ID: b91f96f39c30ed59f8962875126381abc059683d57aa2602eb85b04b624b84c7
                                                                • Instruction ID: 140329170c124b43353679f3d47e6fd336553e67c265832eb0be6fa0155d05e5
                                                                • Opcode Fuzzy Hash: b91f96f39c30ed59f8962875126381abc059683d57aa2602eb85b04b624b84c7
                                                                • Instruction Fuzzy Hash: 2B818125A09E4689EA518B26A44427D63A0FF65BB4F1443F5DA6E23FB4EF3CE4C5C304
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_funcmemset
                                                                • String ID: bucket sorting ...$ depth %6d has $ reconstructing block ...$ %d work, %d block, ratio %5.2f$%6d unresolved strings
                                                                • API String ID: 3274466043-3557197531
                                                                • Opcode ID: 3fcda9e2fd7ac071b7b70a866bceb4482f728b7e61e8db2759de8a03a3a667f4
                                                                • Instruction ID: 0ce20c8a2d7f22ded53159b7c18a38121ef2cab71c6f48ac0ab7516b2b74dd32
                                                                • Opcode Fuzzy Hash: 3fcda9e2fd7ac071b7b70a866bceb4482f728b7e61e8db2759de8a03a3a667f4
                                                                • Instruction Fuzzy Hash: 2852BF73A35A448BDB05CF0DC984AAC33A4F7A9740F969239D70E9B396EB39E554C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: %d pointers, %d sorted, %d scanned$ bucket sorting ...$ main sort initialise ...$ qsort [0x%x, 0x%x] done %d this %d$VUUU
                                                                • API String ID: 711238415-771725242
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: [%d: huff+mtf $1$2$@$rt+rld
                                                                • API String ID: 711238415-2511902606
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                                                • String ID: bind$socket.bind
                                                                • API String ID: 1695574521-187351271
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_listen
                                                                • String ID: |i:listen
                                                                • API String ID: 3610171639-1087349693
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: memset
                                                                • String ID:
                                                                • API String ID: 2221118986-0
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 33751e61f2b7b5fe1996d7a8c53cb228b6bf20b976da0d5b6149ed53632f6689
                                                                • Instruction ID: 9bf9aa9c7ca613e8a89d008e6315a4729758cc15a4adad0e2aed862e14dd26de
                                                                • Opcode Fuzzy Hash: 33751e61f2b7b5fe1996d7a8c53cb228b6bf20b976da0d5b6149ed53632f6689
                                                                • Instruction Fuzzy Hash: 0C512573B10A958BD708CF19D8947A937A5F348358F444135FB9A93B80D7B9E862C740
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 348d982d7e8518b31d5d4474f62551c79313faf909feeb906e74a03da9efe16c
                                                                • Instruction ID: a931969a599dca0117cbeb0db1106153e0549d534522ab3368d9b19786893d06
                                                                • Opcode Fuzzy Hash: 348d982d7e8518b31d5d4474f62551c79313faf909feeb906e74a03da9efe16c
                                                                • Instruction Fuzzy Hash: EB41E473B14A9987E710CF1AF81076DBAA2F784B58F654031DB8A43FA5DA38E452CB00
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0cab0718fb76dbd80151505856c6246546e40df07e307d1c7108c1a4205e22fe
                                                                • Instruction ID: d65b87cc35f0156bb5a8a9d47d26a6192302261e1853a6a77dc34c4c057dbe16
                                                                • Opcode Fuzzy Hash: 0cab0718fb76dbd80151505856c6246546e40df07e307d1c7108c1a4205e22fe
                                                                • Instruction Fuzzy Hash: 5C314CA3B28A9943EF08CA12AC156B96A91F7547E4F090175DE4F47BE4CEBCE542C300
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc13c40859c25b318db05a36badccf42958693ca925bfe9472852b065e0655c7
                                                                • Instruction ID: dbe91594e190704ad70bc86fadbc547942620754ba3e293c70d6228b00b86ad6
                                                                • Opcode Fuzzy Hash: fc13c40859c25b318db05a36badccf42958693ca925bfe9472852b065e0655c7
                                                                • Instruction Fuzzy Hash: 232135B3F288A483FB18C716DC20BB82651FBD8398F54A175E68A83F94D9BCD501CB00
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b839b2501dd28b3a3b56fb3566757ce33f8decf06953666a60a87e30fd53947f
                                                                • Instruction ID: 9b9b22d243d20c7383d4ca7503759219e92b32084c3e47f7ca66a45471497cd8
                                                                • Opcode Fuzzy Hash: b839b2501dd28b3a3b56fb3566757ce33f8decf06953666a60a87e30fd53947f
                                                                • Instruction Fuzzy Hash: E421F87261C6A447E65A8B26AD102BA7350F7157D9F841225EFEE036D5C63CFA008710
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7cbee525038b59c0e5412c11d3d178d0e50ffaf15df1e324a29bcb92bdfde56f
                                                                • Instruction ID: 7b54768e26fabd1a0e06406a418f92ac5fb914ea49cf1bf01bc0cee8399fd6ec
                                                                • Opcode Fuzzy Hash: 7cbee525038b59c0e5412c11d3d178d0e50ffaf15df1e324a29bcb92bdfde56f
                                                                • Instruction Fuzzy Hash: 02215B62B14AAD43EA11CB2368241FA62A1E745BF1F951236EFED073D4DA7CE9408300

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Format$Deallochtons
                                                                • String ID: %s(): AF_HYPERV address must be tuple, not %.500s$%s(): AF_HYPERV address service_id is not a valid UUID string$%s(): AF_HYPERV address vm_id is not a valid UUID string$%s(): AF_INET address must be tuple, not %.500s$%s(): AF_INET6 address must be tuple, not %.500s$%s(): bad family$%s(): flowinfo must be 0-1048575.$%s(): port must be 0-65535.$%s(): unknown Bluetooth protocol$%s(): unsupported AF_HYPERV protocol: %d$%s(): wrong format$O&i;AF_INET address must be a pair (host, port)$O&i|II;AF_INET6 address must be a tuple (host, port[, flowinfo[, scopeid]])$UU;AF_HYPERV address must be a str tuple (vm_id, service_id)
                                                                • API String ID: 2819711985-3631354148
                                                                • Opcode ID: 2a7c56321471c2d82b95262e8f982d4fde5c20bb87aa390549c57e4e666f4892
                                                                • Instruction ID: e9d53219094ecd793cad796496a4bffae8a702bbd595a928c38a730d5a4ccbc2
                                                                • Opcode Fuzzy Hash: 2a7c56321471c2d82b95262e8f982d4fde5c20bb87aa390549c57e4e666f4892
                                                                • Instruction Fuzzy Hash: 1AC11B72A08F4699EB108F67D8441BD23A0BB64BA4F5042F6DA6D63E74DF7CE585C308

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$String$Err_Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_Object_ParseRestoreSaveSys_TupleValue_getaddrinfo
                                                                • String ID: Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                • API String ID: 3469260611-1074899869
                                                                • Opcode ID: 2f423c6ffa71151a3adb167c7cdb8e101b5c9d8c3bce7bb13a85d95737d9847a
                                                                • Instruction ID: c0f7d3254bf15cc271fd99f5e1ea2d87dce32d9f10da15aa40ad7b9ba069a34c
                                                                • Opcode Fuzzy Hash: 2f423c6ffa71151a3adb167c7cdb8e101b5c9d8c3bce7bb13a85d95737d9847a
                                                                • Instruction Fuzzy Hash: E4C14B32A09E028AEB15CF62D4445BC37A1BB68BA4F0042F5DD6E63E64DF3CE594C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Size$Arg_Err_ParseRestoreSaveStringTuple_$AuditBuildDecodeS_snprintfSys_Unicode_Value_freeaddrinfogetaddrinfogetnameinfohtonl
                                                                • String ID: $(O)$IPv4 sockaddr must be 2 tuple$Oi:getnameinfo$getnameinfo() argument 1 must be a tuple$getnameinfo(): flowinfo must be 0-1048575.$si|II;getnameinfo(): illegal sockaddr argument$sockaddr resolved to multiple addresses$socket.getnameinfo$surrogatepass
                                                                • API String ID: 2526741257-243639936
                                                                • Opcode ID: 04604c1635eafd80c084e70278c0c195183a3ebb5ddeaecdd157658cd547c5cb
                                                                • Instruction ID: 5af93eb47d1511eaefb144811096e066cbdd13bc5efed84be5a3508279deb231
                                                                • Opcode Fuzzy Hash: 04604c1635eafd80c084e70278c0c195183a3ebb5ddeaecdd157658cd547c5cb
                                                                • Instruction Fuzzy Hash: 82816E72A08F428AEB11CF66E4401AD73A1FB94BA4F1002B6DA6D63B74DF7CE585C744
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Threadfreeaddrinfo$RestoreSavegetaddrinfoinet_ptonmemcpystrcmp$Err_Stringstrchr
                                                                • String ID: 255.255.255.255$<broadcast>$address family mismatched$unknown address family$unsupported address family$wildcard resolved to multiple address
                                                                • API String ID: 535957624-1715193308
                                                                • Opcode ID: 84e0856cd869813e583fc43c899fd160c3153486a779d11b04d7bc0fb41145c4
                                                                • Instruction ID: 3da7f1645077a126004e1cf1449a3267d3403340ef1aed304635ba7c3a8b146b
                                                                • Opcode Fuzzy Hash: 84e0856cd869813e583fc43c899fd160c3153486a779d11b04d7bc0fb41145c4
                                                                • Instruction Fuzzy Hash: 6A718121A08E428AE7608F26940427D6360FFA4BA4F5443F5DA6E73EB5DF3CE5D58708
                                                                APIs
                                                                • _PyTime_FromSecondsObject.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B2356
                                                                • PyErr_ExceptionMatches.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B236A
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B23B6
                                                                  • Part of subcall function 00007FFE148B266C: PySequence_Fast.PYTHON312(00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B2694
                                                                • _PyDeadline_Init.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B2471
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B24AB
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B24B4
                                                                • select.WS2_32(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B24CD
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B24D9
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B24DF
                                                                • PyErr_CheckSignals.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B24EE
                                                                • _PyDeadline_Get.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B250B
                                                                • _PyTime_AsTimeval_clamp.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B2529
                                                                • PyErr_Occurred.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B2584
                                                                • PyTuple_Pack.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B259D
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B25BA
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B25D3
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B25EC
                                                                • WSAGetLastError.WS2_32(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B2652
                                                                • PyErr_SetExcFromWindowsErr.PYTHON312(?,?,?,00007FFDFB2FD290,?,?,00007FFE148B22E5), ref: 00007FFE148B2664
                                                                  • Part of subcall function 00007FFE148B266C: PyObject_AsFileDescriptor.PYTHON312(?,?,00007FFE148B22E5), ref: 00007FFE148B2709
                                                                  • Part of subcall function 00007FFE148B266C: PyErr_SetString.PYTHON312(?,?,00007FFE148B22E5), ref: 00007FFE148B278F
                                                                  • Part of subcall function 00007FFE148B266C: _Py_Dealloc.PYTHON312(?,?,00007FFE148B22E5), ref: 00007FFE148B27A3
                                                                  • Part of subcall function 00007FFE148B266C: _Py_Dealloc.PYTHON312(?,?,00007FFE148B22E5), ref: 00007FFE148B27B7
                                                                  • Part of subcall function 00007FFE148B266C: _Py_Dealloc.PYTHON312(?,?,00007FFE148B22E5), ref: 00007FFE148B27D2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                • Associated: 00000002.00000002.3780140147.00007FFE148B0000.00000002.00000001.01000000.00000008.sdmp
                                                                • Associated: 00000002.00000002.3780240716.00007FFE148B3000.00000002.00000001.01000000.00000008.sdmp
                                                                • Associated: 00000002.00000002.3780287247.00007FFE148B5000.00000004.00000001.01000000.00000008.sdmp
                                                                • Associated: 00000002.00000002.3780341109.00007FFE148B6000.00000002.00000001.01000000.00000008.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$Deadline_Eval_FromStringThreadTime__errno$CheckDescriptorErrorExceptionFastFileInitLastMatchesObjectObject_OccurredPackRestoreSaveSecondsSequence_SignalsTimeval_clampTuple_Windowsselect
                                                                • String ID: timeout must be a float or None$timeout must be non-negative
                                                                • API String ID: 1581318368-2150404077
                                                                • Opcode ID: d788fc8d8f2c4c3425777ff2c68e582025ccc74bbe31b0ae76aafc8d094d01c2
                                                                • Instruction ID: 77fd73e97389f2a49ef4caaa9f762bd07663fc906105f8187c1ecc02cb4d8eeb
                                                                • Opcode Fuzzy Hash: d788fc8d8f2c4c3425777ff2c68e582025ccc74bbe31b0ae76aafc8d094d01c2
                                                                • Instruction Fuzzy Hash: A9913E61A08E8399EB219F26D8981B963A4FF46BA4F404175FE4E467B8DF3CE54DC700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: BuildSizeValue_
                                                                • String ID: OiII$Unknown Bluetooth protocol$iy#
                                                                • API String ID: 1740464280-1931379703
                                                                • Opcode ID: 902a55de1e61e57d9b75f782d95346036916bf3d28d7f19c3b677d66217b6a38
                                                                • Instruction ID: 5959e89c47a7d3bee518556051f59b1cb0b8cf15435569784cb9a7710dd484a4
                                                                • Opcode Fuzzy Hash: 902a55de1e61e57d9b75f782d95346036916bf3d28d7f19c3b677d66217b6a38
                                                                • Instruction Fuzzy Hash: 63511F21A0CE429AEA249B12E54407D6360BF65BB1F5442F5CA6E77EB4EF2CE5C5C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                • String ID: `anonymous namespace'
                                                                • API String ID: 3863519203-3062148218
                                                                • Opcode ID: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                • Instruction ID: 1d9d9f024394d9d57b789b35babf66efd1d038749a227d369ed20661f7a268ae
                                                                • Opcode Fuzzy Hash: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                • Instruction Fuzzy Hash: BEE17C72A08FC699EB10DF26D8C01AC77A0FB46758F448175EA4D17BA9DF38D519C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_LongString$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                • API String ID: 553332449-1518367256
                                                                • Opcode ID: 83269ee791d243be0076bb43cd9e278918348ca24e3dda33455d90f1b8b1c2f8
                                                                • Instruction ID: 63260d0079a8d6949ac3967804eb410fbe85a77ce693d106680d08cba26e0b1e
                                                                • Opcode Fuzzy Hash: 83269ee791d243be0076bb43cd9e278918348ca24e3dda33455d90f1b8b1c2f8
                                                                • Instruction Fuzzy Hash: E0615C21A08E8A86EB69CF27AC5427933A1FF44BB4F4941B5DD4D466F4DFBCE8448341
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$LongMem_String$Arg_CallocClearDeallocExceptionFreeItemKeywords_Long_Mapping_MatchesOccurredParseSizeTupleUnsigned
                                                                • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                • API String ID: 1879153319-1461672608
                                                                • Opcode ID: f4c4c6e41dfebc803be0e4ebb02aeaa3e2e4c228a037d78fce276d899d29ed1e
                                                                • Instruction ID: 97f771931302a8b3bd826a60288ec142d0189a0c4900a8b68a1dc0631fd366a3
                                                                • Opcode Fuzzy Hash: f4c4c6e41dfebc803be0e4ebb02aeaa3e2e4c228a037d78fce276d899d29ed1e
                                                                • Instruction Fuzzy Hash: 7A51EA35A08F42C5EA20DF16F8442A973A4FB88BA4F5441B5CA8D53BB9DFBCE459C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Release$Err_$String$From$Arg_ErrnoFormatParseSizeTuple_Unicode_inet_ntop
                                                                • String ID: invalid length of packed IP address string$iy*:inet_ntop$unknown address family %d
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                                                • String ID: socket.gethostname
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FreeTable$Err_FromList_Windows$AppendBuildConvertInterfaceLuidNameSizeTable2Value_memcpy
                                                                • String ID:
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::$Name::operator+atolswprintf_s
                                                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                • String ID: argument 'data'$contiguous buffer$decompress
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_BufferContiguousIndexKeywordsLong_Number_Object_ReleaseSsize_tUnpackmemset
                                                                • String ID: argument 'data'$contiguous buffer$decompress
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_ParseSizeTuple_$Ioctl$Err_FormatFromLongLong_Unsigned
                                                                • String ID: invalid ioctl command %lu$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Bytes_String$DeallocErr_Size
                                                                • String ID: encoding of hostname failed$host name must not contain null character$idna$str, bytes or bytearray expected, not %s
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: SizeTuple_$Arg_Buffer_ParseRelease$AuditErr_FormatFromLong_Ssize_tSys_
                                                                • String ID: sendto$sendto() takes 2 or 3 arguments (%zd given)$socket.sendto$y*O:sendto$y*iO:sendto
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: String$Err_Eval_Thread$Arg_AuditFromParseRestoreSaveSizeSys_Tuple_Unicode_getservbyporthtons
                                                                • String ID: getservbyport: port must be 0-65535.$i|s:getservbyport$port/proto not found$socket.getservbyport
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockTupleType_
                                                                • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                APIs
                                                                • PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0B81
                                                                • PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0B9B
                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0BB0
                                                                • PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0BC7
                                                                • PyErr_ExceptionMatches.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0C40
                                                                • PyErr_Format.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0C89
                                                                • PyErr_SetString.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0CA2
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E5D3A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditErr_FreeMem_ParseSizeStringSys_Tuple_
                                                                • String ID: et:gethostbyaddr$idna$socket.gethostbyaddr$unsupported address family
                                                                • API String ID: 1738687268-1751716127
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Release$Size$Arg_BuildDeallocErr_Keywords_ParseStringTupleValue_
                                                                • String ID: nbytes is greater than the length of the buffer$negative buffersize in recvfrom_into$w*|ni:recvfrom_into
                                                                • API String ID: 252658603-4033050226
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                                                • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                                                • API String ID: 3656606796-2431706548
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$MemoryString
                                                                • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                                                • API String ID: 60457842-2177155514
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_AuditErr_FromLongLong_ParseRestoreSaveSizeStringSys_Tuple_getservbynamehtons
                                                                • String ID: service/proto not found$socket.getservbyname$s|s:getservbyname
                                                                • API String ID: 1135235387-1257235949
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 4223619315-393685449
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Replicator::operator[]
                                                                • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                • API String ID: 3676697650-3207858774
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Bytes_FromSizegetsockopt$Arg_DeallocLongLong_ParseResizeStringTuple_
                                                                • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                                                • API String ID: 3532181676-2750947780
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Release$Arg_Err_FromKeywords_Long_ParseSizeSsize_tStringTuple
                                                                • String ID: buffer too small for requested bytes$negative buffersize in recv_into$w*|ni:recv_into
                                                                • API String ID: 1544103690-1758107600
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                • API String ID: 2943138195-0
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Mem_$memcpy$Bytes_DeallocErr_FreeFromMallocNoneReallocSizeStringmemmove
                                                                • String ID:
                                                                • API String ID: 1220578264-0
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                • API String ID: 2943138195-1464470183
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Err_Release$Arg_CheckDeadline_ParseSignalsSizeStringTuple_
                                                                • String ID: timed out$y*|i:sendall
                                                                • API String ID: 1463051379-3431350491
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Bytes_DeallocSizeStringTuple_$Arg_Err_FromPackParseResize
                                                                • String ID: negative buffersize in recvfrom$n|i:recvfrom
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_AuditFreeMem_ParseRestoreSaveSizeSys_Tuple_gethostbyname
                                                                • String ID: et:gethostbyname_ex$idna$socket.gethostbyname
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_ErrnoFromParseSizeStringTuple_inet_pton
                                                                • String ID: illegal IP address string passed to inet_pton$is:inet_pton$unknown address family
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Mem_memcpy$Bytes_DeallocFromMallocReallocSizeString
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Long$Err_FromLong_Socketclosesocket$CurrentDuplicateHandleInformationOccurredProcessWindows
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: %d work, %d block, ratio %5.2f$ too repetitive; using fallback sorting algorithm$VUUU
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                                                • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                • String ID: argument$compress$contiguous buffer
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Similarity
                                                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                • String ID: argument$compress$contiguous buffer
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Time_$Err_FromSecondsString$MillisecondsObjectTimeval
                                                                • String ID: Timeout value out of range$timeout doesn't fit into C timeval
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$Eval_ExceptionThread$MatchesRaisedResourceRestoreSaveUnraisableWarningWriteclosesocket
                                                                • String ID: unclosed %R
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_getprotobyname
                                                                • String ID: protocol not found$s:getprotobyname
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: SizeString$Arg_Bytes_Err_FromParseTuple_inet_addrstrcmp
                                                                • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Buffer_ReleaseString$Arg_Err_FromParseSizeTuple_Unicode_inet_ntoa
                                                                • String ID: packed IP wrong length for inet_ntoa$y*:inet_ntoa
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$ErrorFromLastLongclosesocket$CheckHandleInformationLong_SignalsStringWindowsmemset
                                                                • String ID:
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                APIs
                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E24B8
                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E24FC
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E2518
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E2567
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                • String ID: Unable to allocate output buffer.
                                                                APIs
                                                                • PyDict_New.PYTHON312(?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E0849
                                                                  • Part of subcall function 00007FFE126E0970: PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E0988
                                                                  • Part of subcall function 00007FFE126E0970: PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E0999
                                                                  • Part of subcall function 00007FFE126E0970: PyDict_SetItem.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E09B4
                                                                • PyErr_Format.PYTHON312(?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E5C50
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E5C6C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dict_FromLong$DeallocErr_FormatInternItemLong_StringUnicode_Unsigned
                                                                • String ID: Invalid filter ID: %llu$dict_size$dist$start_offset
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE146371A3,?,?,00000000,00007FFE14636FD4,?,?,?,?,00007FFE14636D11), ref: 00007FFE14637069
                                                                • GetLastError.KERNEL32(?,?,?,00007FFE146371A3,?,?,00000000,00007FFE14636FD4,?,?,?,?,00007FFE14636D11), ref: 00007FFE14637077
                                                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE146371A3,?,?,00000000,00007FFE14636FD4,?,?,?,?,00007FFE14636D11), ref: 00007FFE14637090
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE146371A3,?,?,00000000,00007FFE14636FD4,?,?,?,?,00007FFE14636D11), ref: 00007FFE146370A2
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FFE146371A3,?,?,00000000,00007FFE14636FD4,?,?,?,?,00007FFE14636D11), ref: 00007FFE14637110
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFE146371A3,?,?,00000000,00007FFE14636FD4,?,?,?,?,00007FFE14636D11), ref: 00007FFE1463711C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                • String ID: api-ms-
                                                                APIs
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFE126E4D6B,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E63B8
                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFE126E4D6B,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E641B
                                                                • PyList_Append.PYTHON312(?,?,?,00007FFE126E4D6B,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E642F
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE126E4D6B,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E644B
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE126E4D6B,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E6464
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Similarity
                                                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                • API String ID: 1563898963-3455802345
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                • API String ID: 1563898963-3455802345
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_KeywordsLong_ModuleModule_StateType_
                                                                • String ID: BZ2Compressor
                                                                • API String ID: 694278274-1096114097
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                • String ID: Already at end of stream
                                                                • API String ID: 2195683152-1334556646
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lockmemcpy
                                                                • String ID: End of stream already reached
                                                                • API String ID: 180092378-3466344095
                                                                APIs
                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFE126D8536), ref: 00007FFE126D9036
                                                                • PyThread_release_lock.PYTHON312(?,?,?,00007FFE126D8536), ref: 00007FFE126D9068
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFE126D8536), ref: 00007FFE126D9098
                                                                  • Part of subcall function 00007FFE126D8564: PyType_GetModuleState.PYTHON312 ref: 00007FFE126D859D
                                                                  • Part of subcall function 00007FFE126D8564: PyBytes_FromStringAndSize.PYTHON312 ref: 00007FFE126D85B1
                                                                  • Part of subcall function 00007FFE126D8564: PyList_New.PYTHON312 ref: 00007FFE126D85C8
                                                                  • Part of subcall function 00007FFE126D8564: PyEval_SaveThread.PYTHON312 ref: 00007FFE126D8619
                                                                  • Part of subcall function 00007FFE126D8564: PyEval_RestoreThread.PYTHON312 ref: 00007FFE126D8633
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00007FFE126D8536), ref: 00007FFE126E4F44
                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFE126D8536), ref: 00007FFE126E4F59
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFE126D8536), ref: 00007FFE126E4F62
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                • String ID: Compressor has been flushed
                                                                • API String ID: 3871537485-3904734015
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lock
                                                                • String ID: Compressor has been flushed
                                                                • API String ID: 1906554297-3904734015
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                • String ID: Repeated call to flush()
                                                                • API String ID: 3871537485-194442007
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_SizeThread_release_lock
                                                                • String ID: Repeated call to flush()
                                                                • API String ID: 3236580226-194442007
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_DeallocErr_ParseSizeStringTuple_if_nametoindex
                                                                • String ID: O&:if_nametoindex$no interface with this name
                                                                • API String ID: 3052430728-3835682882
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                • String ID: htons: Python int too large to convert to C 16-bit unsigned integer$htons: can't convert negative Python int to C 16-bit unsigned integer$i:htons
                                                                • API String ID: 1102113319-997571130
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                • String ID: i:ntohs$ntohs: Python int too large to convert to C 16-bit unsigned integer$ntohs: can't convert negative Python int to C 16-bit unsigned integer
                                                                • API String ID: 1102113319-2476431691
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1501936508-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1501936508-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: {for
                                                                • API String ID: 2943138195-864106941
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                • String ID:
                                                                • API String ID: 2831925710-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                • String ID: Unable to allocate output buffer.
                                                                • API String ID: 76732796-2565006440
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::atol
                                                                • String ID: `template-parameter$void
                                                                • API String ID: 2130343216-4057429177
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+Replicator::operator[]
                                                                • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                • API String ID: 1405650943-2211150622
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: char $int $long $short $unsigned
                                                                • API String ID: 2943138195-3894466517
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_StringThread_allocate_lockmemset
                                                                • String ID: Unable to allocate lock$compresslevel must be between 1 and 9
                                                                • API String ID: 451674277-2500606449
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocString$Bytes_Err_FromSizeThread_allocate_lock
                                                                • String ID: Unable to allocate lock
                                                                • API String ID: 553681934-3516605728
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditFreeMem_ParseSizeSys_Tuple_
                                                                • String ID: et:gethostbyname$idna$socket.gethostbyname
                                                                • API String ID: 3195760359-1353326193
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                • String ID: Invalid filter specifier for delta filter$|OO&
                                                                • API String ID: 3027669873-2010576982
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                • API String ID: 3027669873-3728029529
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                • String ID: expected int, %s found
                                                                • API String ID: 3347179618-1178442907
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                • String ID: expected int, %s found
                                                                • API String ID: 3347179618-1178442907
                                                                • Opcode ID: b2daa29250e1f6628aa8a96a2420fefb0829875c2a9b427d46b77ebb6b88cbc8
                                                                • Instruction ID: 640b7168aaa2a0b144ecc16b369deb1bf847166c8e4c8614046aab8836abdd93
                                                                • Opcode Fuzzy Hash: b2daa29250e1f6628aa8a96a2420fefb0829875c2a9b427d46b77ebb6b88cbc8
                                                                • Instruction Fuzzy Hash: 5BF01260A08E42CAEA559B23A84517C6361BF69B75F1407F5D52F63AB0DF2CE8E8C314
                                                                APIs
                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE1321C8F1
                                                                  • Part of subcall function 00007FFE1321C8A0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FFE1321B152), ref: 00007FFE1321C8D6
                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE1321C91D
                                                                • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1321C937
                                                                Strings
                                                                • *** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac, xrefs: 00007FFE1321C926
                                                                • bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth, xrefs: 00007FFE1321C904
                                                                • 1.0.8, 13-Jul-2019, xrefs: 00007FFE1321C8F7
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func$__stdio_common_vfprintfexit
                                                                • String ID: bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth$*** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac$1.0.8, 13-Jul-2019
                                                                • API String ID: 77255540-989448446
                                                                • Opcode ID: 836efcf6b23a4585cd62e76ace601ecc2435689098995399630fc0c516941a58
                                                                • Instruction ID: 612e2317682c7aab4957931043bb837a8ffcdb8a8bf22b40e44e6c4691ee8907
                                                                • Opcode Fuzzy Hash: 836efcf6b23a4585cd62e76ace601ecc2435689098995399630fc0c516941a58
                                                                • Instruction Fuzzy Hash: 1EE0ED24A18D164AFA187763E9852785211AFF4B60F4000B9C90E272B39E6C6809C382
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$NameName::
                                                                • String ID:
                                                                • API String ID: 168861036-0
                                                                • Opcode ID: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                • Instruction ID: c339776111e2a42692d45adef4fd306960abb42f2064bf35392c27b2837b1fe7
                                                                • Opcode Fuzzy Hash: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                                                • Instruction Fuzzy Hash: 88717A76E08E8689EB01CB92D8802BC37A1BB46768F548175EA0D177A6CF3CE449C380
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocEval_Thread$Bytes_FromList_RestoreSaveSizeString
                                                                • String ID:
                                                                • API String ID: 722544280-0
                                                                • Opcode ID: 299e1a11eefcece535b48eefa17f910425dba9180d5bd0db985f057c361aac7e
                                                                • Instruction ID: b9ed16ca4e913d5f845785f4e32c9ff1016bb98a8f2b9ff70bd5c918d8d61ba8
                                                                • Opcode Fuzzy Hash: 299e1a11eefcece535b48eefa17f910425dba9180d5bd0db985f057c361aac7e
                                                                • Instruction Fuzzy Hash: A741A372E18F428AEA65AB23D60027962A0FBE9B70F140675DE4D637A6DF3CE450C740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                • String ID:
                                                                • API String ID: 3741236498-0
                                                                • Opcode ID: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                                                • Instruction ID: 93f7091552bb14510493558425dbf8f8707f54f96b4b9ba048e04e7bd7651081
                                                                • Opcode Fuzzy Hash: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                                                • Instruction Fuzzy Hash: 7531D522B19F9590EA25DF17984416933A0FF0AFF8B598571DD2D037A0EE3DD859C340
                                                                APIs
                                                                • PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E0988
                                                                • PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E0999
                                                                • PyDict_SetItem.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E09B4
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E5CBE
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE126E086D,?,?,?,00007FFE126E081A,?,?,?,?,?,00007FFE126E07A5), ref: 00007FFE126E5CD7
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocFromLong$Dict_InternItemLong_StringUnicode_Unsigned
                                                                • String ID:
                                                                • API String ID: 252187852-0
                                                                • Opcode ID: 4407cb7e2ae5907235722564fec9c5a3f52f4cf3bc80c1b274a729e09646330d
                                                                • Instruction ID: 1da029384fee89260496bcf0ef8e57f90a3000b079a160d9e903536a42119451
                                                                • Opcode Fuzzy Hash: 4407cb7e2ae5907235722564fec9c5a3f52f4cf3bc80c1b274a729e09646330d
                                                                • Instruction Fuzzy Hash: B8112E21D0CE4386FA158F23AD582392290AF69BF5F0860B1D90E567F5DFBCA8418701
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                • String ID:
                                                                • API String ID: 863680558-0
                                                                • Opcode ID: 964070f957597cead12d681d8d9d4b975f1a861eb6e29b6fc22a496edc13ce25
                                                                • Instruction ID: f8e9ddcbb8e670a8ee978cf68bc519c6c33987fd64c1642acd1b25b2ff4cff47
                                                                • Opcode Fuzzy Hash: 964070f957597cead12d681d8d9d4b975f1a861eb6e29b6fc22a496edc13ce25
                                                                • Instruction Fuzzy Hash: 34012C21A19E428AE3509B77F84406E63A0EF98BB1B5042B1EA6E63F74DE2CD4D58704
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_LongThread$Err_ErrorLastLong_OccurredRestoreSaveclosesocket
                                                                • String ID:
                                                                • API String ID: 586723380-0
                                                                • Opcode ID: 88cad95bcb5dfa4951526296af0bf2ff21b88eb4dabe66cc17352eaa9c495d40
                                                                • Instruction ID: 90a60e4bf5f818a3b8c18b134d451a3401ed8f2bda612881e71b604dda707115
                                                                • Opcode Fuzzy Hash: 88cad95bcb5dfa4951526296af0bf2ff21b88eb4dabe66cc17352eaa9c495d40
                                                                • Instruction Fuzzy Hash: 4AF03150A1DE0389FA5567A3694807C1256AF34BB1F0417F4C93E62FF0DE2CE1D48218
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2889003569-2084237596
                                                                • Opcode ID: 93ffbb8a8c38b724cb13d32310db34e78531563cac4ba1370c621256939a6833
                                                                • Instruction ID: dffcc3411f39d0760e55b9d4f57cc736afc16d6ea003f1edb2453ab911b64b28
                                                                • Opcode Fuzzy Hash: 93ffbb8a8c38b724cb13d32310db34e78531563cac4ba1370c621256939a6833
                                                                • Instruction Fuzzy Hash: B391D377A08B918AE710CF66E8802ADBBA0FB4579CF144139EE8C17769DF38D199C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                • API String ID: 2943138195-757766384
                                                                • Opcode ID: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                                                • Instruction ID: b584d3018efed4078b35d0bd52ca213aee10e2c4e22961a7cb3e6f77bceaf736
                                                                • Opcode Fuzzy Hash: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                                                • Instruction Fuzzy Hash: AE716077A08F8688EB149F27D9940BC27A0BB077A8F4455B5E94D42B79DF3CE168C380
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2889003569-2084237596
                                                                • Opcode ID: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                • Instruction ID: 5fdf940f87476c53527a522a851ad4eaaba9872986cb7d85bd8ad3e54f7641ca
                                                                • Opcode Fuzzy Hash: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                • Instruction Fuzzy Hash: 83619572908FC581D7618F16E4803AAB7A0FB867A8F444265EB8D47B65DF7CD1D8CB40
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: FileHeader
                                                                • String ID: MOC$RCC$csm$csm
                                                                • API String ID: 104395404-1441736206
                                                                • Opcode ID: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                • Instruction ID: 0c6ff5ed0410d2e0edfa9987f6d3cb4b45e9544eb7663d32a6b11dcebddbf9a7
                                                                • Opcode Fuzzy Hash: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                • Instruction Fuzzy Hash: 5A51A372A09E9286EA609F2791C017D3AA0FF46B6CF140076DE4D47761DF3CF8698B81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: combined CRCs: stored = 0x%08x, computed = 0x%08x$ {0x%08x, 0x%08x}
                                                                • API String ID: 0-2474432645
                                                                • Opcode ID: beca674fd8db362ae3c326a262006269a39a6cc495ac54829b8af714453b82f3
                                                                • Instruction ID: 463eb8ab84c57e3c6275001c0ddb606d9e838e34e71b9afa33e0cb859fe97d97
                                                                • Opcode Fuzzy Hash: beca674fd8db362ae3c326a262006269a39a6cc495ac54829b8af714453b82f3
                                                                • Instruction Fuzzy Hash: 3941DC31A0CD428EFB64AF36964027862A2DBE4B34F145275DA0EA73E7CF3CA841C750
                                                                APIs
                                                                • PySequence_Size.PYTHON312(00000000,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0A94
                                                                • PySequence_GetItem.PYTHON312(?,00000000,00007FFE126E0A18), ref: 00007FFE126E0AC7
                                                                  • Part of subcall function 00007FFE126E0B5C: PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0B81
                                                                  • Part of subcall function 00007FFE126E0B5C: PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0B9B
                                                                  • Part of subcall function 00007FFE126E0B5C: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0BB0
                                                                  • Part of subcall function 00007FFE126E0B5C: PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFE126E0AE3,?,00000000,00007FFE126E0A18), ref: 00007FFE126E0BC7
                                                                • PyErr_Format.PYTHON312(?,00000000,00007FFE126E0A18), ref: 00007FFE126E5D09
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                • String ID: Too many filters - liblzma supports a maximum of %d
                                                                • API String ID: 1062705235-2617632755
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$FormatOccurred
                                                                • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                • API String ID: 4038069558-4068623215
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_$KeywordsModuleModule_PositionalStateType_
                                                                • String ID: BZ2Decompressor
                                                                • API String ID: 2980520244-1337346095
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Capsule_DeallocPointer
                                                                • String ID: _socket.CAPI
                                                                • API String ID: 898671391-3774308389
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Module_$FromInternObjectStateStringUnicode_
                                                                • String ID: close$error
                                                                • API String ID: 4029360594-371397155
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                • String ID: (is)$getaddrinfo failed
                                                                • API String ID: 3413694139-582941868
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                • String ID: (is)$host not found
                                                                • API String ID: 3413694139-3306034047
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::$Name::operator+
                                                                • String ID:
                                                                • API String ID: 826178784-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: List_$DeallocItem
                                                                • String ID:
                                                                • API String ID: 1559017468-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocModule_State
                                                                • String ID:
                                                                • API String ID: 1903735390-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Module_State
                                                                • String ID:
                                                                • API String ID: 3434497292-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: Module_$FromModuleSpecTypeType_$State
                                                                • String ID:
                                                                • API String ID: 1138651315-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_DuplicateParseRestoreSaveSizeSocketTuple_
                                                                • String ID:
                                                                • API String ID: 3898289384-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_Long_OccurredRestoreSaveshutdown
                                                                • String ID:
                                                                • API String ID: 24305128-0
                                                                • Opcode ID: 6516a418a14a859acfa3d73bcf82298d2a1ff85a94d003fe5974aec2db2ce4ef
                                                                • Instruction ID: fc8a5b6bc99c801779f16d0c91fa3b1fdf7663345bc2090bb728c532a42460c4
                                                                • Opcode Fuzzy Hash: 6516a418a14a859acfa3d73bcf82298d2a1ff85a94d003fe5974aec2db2ce4ef
                                                                • Instruction Fuzzy Hash: 2E01FB21B18F428AEA509B63B58417D6360AFA8BB0F0447F0DA6E53F74DF2CE8C59214
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$DecodeDefaultErrnoFromLongLong_OccurredUnicode_Unsignedif_indextoname
                                                                • String ID:
                                                                • API String ID: 2382930745-0
                                                                • Opcode ID: 3cc25d69238de96e231579351c1bec566e97787018e5fdd4677d39b8f471e047
                                                                • Instruction ID: 31f713636a6500521f97566c528d48077bb5b3cd47c89094deb0f19ffa99ca40
                                                                • Opcode Fuzzy Hash: 3cc25d69238de96e231579351c1bec566e97787018e5fdd4677d39b8f471e047
                                                                • Instruction Fuzzy Hash: 81011761A19E4589FA219B33E8943BD2391AFAC774F4007F4C97E56BB0DF2CE594C604
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                • Associated: 00000002.00000002.3779801540.00007FFE13210000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779842597.00007FFE1321E000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779866844.00007FFE13222000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000002.00000002.3779888024.00007FFE13223000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d$ final combined CRC = 0x%08x
                                                                • API String ID: 711238415-3357347091
                                                                • Opcode ID: bae728a6bf01b28945588ec33f57403ca6373a91784663bbbb4fd72b5314d822
                                                                • Instruction ID: 372b7165806d3ab71fb35618ee2421c0089456c446a57cef80ac34e49f0b868d
                                                                • Opcode Fuzzy Hash: bae728a6bf01b28945588ec33f57403ca6373a91784663bbbb4fd72b5314d822
                                                                • Instruction Fuzzy Hash: 82610576B18B168AE620FF2B95052BA3361EBD6F94F145075DE0A17367CE7DE402CB80
                                                                APIs
                                                                  • Part of subcall function 00007FFE14636E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE146329EE), ref: 00007FFE14636E56
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1463488B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort
                                                                • String ID: $csm$csm
                                                                • API String ID: 4206212132-1512788406
                                                                • Opcode ID: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                • Instruction ID: c91c17722d3083782e6fb8953473d169881d8c4bc062f0c8746f2b27a8b208e4
                                                                • Opcode Fuzzy Hash: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                • Instruction Fuzzy Hash: BE71C236908AC186DB618F26D4D037DBBA0FB46BACF048175DA8D07BA9CB3CD459C780
                                                                APIs
                                                                  • Part of subcall function 00007FFE14636E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE146329EE), ref: 00007FFE14636E56
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE146345DB
                                                                • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE146345EB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                • String ID: csm$csm
                                                                • API String ID: 4108983575-3733052814
                                                                • Opcode ID: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                • Instruction ID: 1e418abd2ac838270279053a8cef1d01eb816ae3b36cb8d559e8b7834147af7a
                                                                • Opcode Fuzzy Hash: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                • Instruction Fuzzy Hash: 4351A67AA08AC286EB648F1395C4368B790FB52BBCF145175DA4D47BA5CF3CE894CB40
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::
                                                                • String ID: %lf
                                                                • API String ID: 1333004437-2891890143
                                                                • Opcode ID: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                • Instruction ID: bed18067989b109c02ae07bc5f0ffff0b2234bc75e109c6fd933e7d4aeaf9616
                                                                • Opcode Fuzzy Hash: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                • Instruction Fuzzy Hash: 8831CA31A0CF8A85EA11DB13A8911F97360BF57BA8F444276E98D43776DE3CE509C744
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatFromLongLong_RestoreSaveSignalsSys_connect
                                                                • String ID: connect_ex$socket.connect
                                                                • API String ID: 3879675179-935070752
                                                                • Opcode ID: 414937b2a6d92fbc3da88fc1208311d46d9418bcea39934cf64ea2bb9134626d
                                                                • Instruction ID: 627696768130ef758e7844242569e4ced1d5ad2faefdb1b3d6264bbb92095467
                                                                • Opcode Fuzzy Hash: 414937b2a6d92fbc3da88fc1208311d46d9418bcea39934cf64ea2bb9134626d
                                                                • Instruction Fuzzy Hash: C5113021B09E82C5F7208B23F4107EE63A0BF647A5F5102F2DA5D67E69EE2CD184C704
                                                                APIs
                                                                  • Part of subcall function 00007FFE14636E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE146329EE), ref: 00007FFE14636E56
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE14632A8E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: abortterminate
                                                                • String ID: MOC$RCC$csm
                                                                • API String ID: 661698970-2671469338
                                                                • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                • Instruction ID: e6925ddeae9f6abb212e7a32541bb014c6d86355b9cc18b04f60eda383221cf3
                                                                • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                • Instruction Fuzzy Hash: 56F04F32918A8786E7646B22E1C106D3664EF4DB68F1950B1D74C06362CF7CD8A8C781
                                                                APIs
                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,00000006,00007FFE126E0CFC), ref: 00007FFE126E1E89
                                                                • PyErr_Occurred.PYTHON312(?,?,00000006,00007FFE126E0CFC), ref: 00007FFE126E1E92
                                                                • PyErr_SetString.PYTHON312(?,?,00000006,00007FFE126E0CFC), ref: 00007FFE126E607B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for uint32_t type
                                                                • API String ID: 944333170-1712686559
                                                                • Opcode ID: beb8bb3f21a158d48b7ae8f5362e1cc07ff4e792364f621d751ee79adeb98e45
                                                                • Instruction ID: 9338b9d48c8c5f1e2beef6a63028fe1879162f6e379281f18b1dc15c59644895
                                                                • Opcode Fuzzy Hash: beb8bb3f21a158d48b7ae8f5362e1cc07ff4e792364f621d751ee79adeb98e45
                                                                • Instruction Fuzzy Hash: 2CF05E20B18E03C9EF10DB27EC941B82360AB48BA4F0481B0D90D463B4DEBCEC949340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for lzma_match_finder type
                                                                • API String ID: 944333170-1161044407
                                                                • Opcode ID: 9914e4eca75eb01d789d50a663b97705113751f3ba4ec09a09449ef1f848119f
                                                                • Instruction ID: 729eae96b20d61f694159f789a320accc1dde94eb8d5e430a96a9c9936995e91
                                                                • Opcode Fuzzy Hash: 9914e4eca75eb01d789d50a663b97705113751f3ba4ec09a09449ef1f848119f
                                                                • Instruction Fuzzy Hash: C3F0FE21A08E47D9EF148F17FD841796360AF44BA4F1880B4CA1D463F8DEBCE8948700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                • Associated: 00000002.00000002.3779673308.00007FFE126D0000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126E8000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779716950.00007FFE126EC000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779756441.00007FFE126F4000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.3779776370.00007FFE126F5000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for lzma_mode type
                                                                • API String ID: 944333170-1290617251
                                                                • Opcode ID: c75928b8bcefc147294998117d43192376e487e7008253cef88493b04ebec458
                                                                • Instruction ID: 161f783985c155275a091e9d5513aae00a1bf79c176ee091f5b178c2cb921204
                                                                • Opcode Fuzzy Hash: c75928b8bcefc147294998117d43192376e487e7008253cef88493b04ebec458
                                                                • Instruction Fuzzy Hash: 72F0F821B08E43DAEF508F17FC841786360AF48BA4F5854B4DA1E4A2F8DEBCE8948300
                                                                APIs
                                                                Strings
                                                                • <socket object, fd=%ld, family=%d, type=%d, proto=%d>, xrefs: 00007FFE133867A5
                                                                • no printf formatter to display the socket descriptor in decimal, xrefs: 00007FFE133867CB
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                • Associated: 00000002.00000002.3779906557.00007FFE13380000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779945206.00007FFE13389000.00000002.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779968681.00007FFE13391000.00000004.00000001.01000000.00000007.sdmp
                                                                • Associated: 00000002.00000002.3779992737.00007FFE13393000.00000002.00000001.01000000.00000007.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_FormatFromStringUnicode_
                                                                • String ID: <socket object, fd=%ld, family=%d, type=%d, proto=%d>$no printf formatter to display the socket descriptor in decimal
                                                                • API String ID: 1884982852-285600062
                                                                • Opcode ID: adbad624c4c56f29da8e25935a1100d7f970daaacfccf8b58daafbc43e48176e
                                                                • Instruction ID: 54c1c6ca860ff7ded5f362fd38d6228516beef6a1fd6791e616f88118ff41945
                                                                • Opcode Fuzzy Hash: adbad624c4c56f29da8e25935a1100d7f970daaacfccf8b58daafbc43e48176e
                                                                • Instruction Fuzzy Hash: BDF0D075A0890289DA109B16D44047C3361FB68BB8F6047B1DA3D57AF4DE2DE486D744
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                • Associated: 00000002.00000002.3780019875.00007FFE14630000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780070003.00007FFE14643000.00000002.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780092350.00007FFE14648000.00000004.00000001.01000000.00000006.sdmp
                                                                • Associated: 00000002.00000002.3780111476.00007FFE14649000.00000002.00000001.01000000.00000006.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                • API String ID: 2943138195-0
                                                                • Opcode ID: cc076bc81e8f2d48ba6aefa04368e4e4f2bc5c7ef048a26b3748b4f62f7846b0
                                                                • Instruction ID: 4e759cbe01357f428da183593d63ca0698bb1e0d35096d71a122cb4a08d46c52
                                                                • Opcode Fuzzy Hash: cc076bc81e8f2d48ba6aefa04368e4e4f2bc5c7ef048a26b3748b4f62f7846b0
                                                                • Instruction Fuzzy Hash: 61916F76E08E9689FB118BA6D8803BC37B0BB0676CF5440B5DA4D177A5DF7CA849D380
                                                                APIs
                                                                • PyType_GetModuleState.PYTHON312(?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126D83C1
                                                                  • Part of subcall function 00007FFE126E2574: PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFE126D83DB,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E25AB
                                                                  • Part of subcall function 00007FFE126E2574: PyList_New.PYTHON312(?,?,?,00007FFE126D83DB,?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126E25BE
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126D83E8
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126D8401
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000000,?,?,?,00007FFE126D8041), ref: 00007FFE126D84C1
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                • String ID:
                                                                • API String ID: 2935988267-0
                                                                • Opcode ID: 00cfe97c0164a270be03c1d104ab45d7f8779960225675756503997d0fd06301
                                                                • Instruction ID: f0c353b0ad88cc95ea6520a0ed7015348c318e0e4f7b88ec56f0973129eaf96b
                                                                • Opcode Fuzzy Hash: 00cfe97c0164a270be03c1d104ab45d7f8779960225675756503997d0fd06301
                                                                • Instruction Fuzzy Hash: 6C419422A09E4A86EA64CF279C481BD23A4FF847A8F644175D98D476F4DFBCE846C340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                • String ID:
                                                                • API String ID: 3863519203-0
                                                                • Opcode ID: 57265f9aaea93611d8ae4b0edf9f43af56394ecd72ecd9aef4b3b93798ee479d
                                                                • Instruction ID: 4379586cff08e618d62f1e8d712a2c5391c0bb3061c51640ebc84362d4665547
                                                                • Opcode Fuzzy Hash: 57265f9aaea93611d8ae4b0edf9f43af56394ecd72ecd9aef4b3b93798ee479d
                                                                • Instruction Fuzzy Hash: 03417B72A04B8589FB01CF66D8803AC37A0FB4AB6CF548075DA4C57769DF7C9849C390
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveTime_Timeval_clampselect
                                                                • String ID:
                                                                • API String ID: 3905867726-0
                                                                • Opcode ID: 12a889711c2c2e54b49b1f454469c8620633830652707fbfba1c602784efdac5
                                                                • Instruction ID: c1a7997d3fd07c68c87419914ca2c0bccd2e2fa14c0c05439e4b508273ca52ee
                                                                • Opcode Fuzzy Hash: 12a889711c2c2e54b49b1f454469c8620633830652707fbfba1c602784efdac5
                                                                • Instruction Fuzzy Hash: 5131B862B08F818AD760CF26A8542AD6390FB987B4F5103B9DA7D63FA4DF3DD4458708
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                                                • String ID:
                                                                • API String ID: 772546412-0
                                                                • Opcode ID: bb4860f722e20605b845678caae1940802489a0c30753b108cbd7cf2fc4f76aa
                                                                • Instruction ID: d041b349f2df4355e66327b36cdad3cedfa68b051f9f86e5ea38c7c23e17db8b
                                                                • Opcode Fuzzy Hash: bb4860f722e20605b845678caae1940802489a0c30753b108cbd7cf2fc4f76aa
                                                                • Instruction Fuzzy Hash: D8115421A0CFC2C5EA309B52F0403AE6361FBA4795F4042B2DA9E23E69DF2CD185C704
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                                                • String ID:
                                                                • API String ID: 1387529023-0
                                                                • Opcode ID: 6217d1f52f68499da46158bc7b5de8f19134ea31d65d8230de025008c52050e8
                                                                • Instruction ID: fe95fe306e967cc842de358708646afee3e07d8c7a8edb3ecdce386536ef80a5
                                                                • Opcode Fuzzy Hash: 6217d1f52f68499da46158bc7b5de8f19134ea31d65d8230de025008c52050e8
                                                                • Instruction Fuzzy Hash: AD116A2560CFC2C6EA309B52F0443AE6361FB54794F0041B1E59D27E69DF3CD145C704
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocFreeMem_Thread_free_lock
                                                                • String ID:
                                                                • API String ID: 2783890233-0
                                                                • Opcode ID: 01b42428c534275dc39dda495b1f2b4eedd2e9a3cd2baa85ec5288ad07ab9b92
                                                                • Instruction ID: 91337d1d92da4384fad797dd18eabe3ea032453974090572818dc07df538fcb2
                                                                • Opcode Fuzzy Hash: 01b42428c534275dc39dda495b1f2b4eedd2e9a3cd2baa85ec5288ad07ab9b92
                                                                • Instruction Fuzzy Hash: E2111E22A09D8A96EA9E8F63DD583782360FF44BA4F185470C65E465F4CFBDA8558302
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe14630000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 74344bb322e65ea4bb1ed5ded81f371800f489492d84809563666ba838173471
                                                                • Instruction ID: 9abc4f2b4532c2ad06ebd828dac809781d0567ac8431bf72fbc5d16c76933b88
                                                                • Opcode Fuzzy Hash: 74344bb322e65ea4bb1ed5ded81f371800f489492d84809563666ba838173471
                                                                • Instruction Fuzzy Hash: 89110026B14F058AEF00DF61E8952B833A4F75AB68F481E35DA6D467A4DF7CD198C340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13380000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: d9f98cd6e8095113ce688e9adc81d2d2b62b70132384823deca84349fed3ec32
                                                                • Instruction ID: fa37b18ab83286193f416118204c7e7a0b1d3d8bb35824436a0aac88a9f26eca
                                                                • Opcode Fuzzy Hash: d9f98cd6e8095113ce688e9adc81d2d2b62b70132384823deca84349fed3ec32
                                                                • Instruction Fuzzy Hash: 11112122B14F0189EB00CF61E8542B833A4F769768F440E75DA6E96BA4DF7CD1A4C340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe126d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: e14f81335c7f0e89c555c48fc70369245093cfa0888173eb1084b591f0c493ce
                                                                • Instruction ID: 356803224521a8205054d58fe031216dec29550b5a1644e4f483fd099286af1e
                                                                • Opcode Fuzzy Hash: e14f81335c7f0e89c555c48fc70369245093cfa0888173eb1084b591f0c493ce
                                                                • Instruction Fuzzy Hash: 81112A26B14F418AEB00CF65EC542B833A4FB59768F441E31DA6D46BB8DFBCD1588340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780180225.00007FFE148B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE148B0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe148b0000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 7f6b854855521a5eeb54a69c346efd32b0b439a43f7217cfd0872cc224e201bb
                                                                • Instruction ID: 6b0db8e52b91edf6adafa73bd49b4477a3dfc43c1b561008ba7e0b7ad12ea8ca
                                                                • Opcode Fuzzy Hash: 7f6b854855521a5eeb54a69c346efd32b0b439a43f7217cfd0872cc224e201bb
                                                                • Instruction Fuzzy Hash: 7F112E26B14F058AEB00DF61E8942B833A4FB1A768F440E31EE6D467B4DF7CD1598340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3777428273.00007FF63D541000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF63D540000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff63d540000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 3e9bf284f51a014416bd2e884015404433c55462ee1280fbdb526b963edf0727
                                                                • Instruction ID: b541a4641615c286454e1f8bb0dd302ecba42d15b4901a6ac7acbe8973795a95
                                                                • Opcode Fuzzy Hash: 3e9bf284f51a014416bd2e884015404433c55462ee1280fbdb526b963edf0727
                                                                • Instruction Fuzzy Hash: 87111226B14F058AFB00CFA4E8552B833A4FB59768F441E35EE6D867A4EF7CE1549340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779820045.00007FFE13211000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE13210000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffe13210000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: c9d2bc6b1f4b90143cfcf8b72833dd591a01bb31496536103f8e1994dd480a1d
                                                                • Instruction ID: 8437af570f47870c80f8e875cffcce7462140b4c1dc676b4cc24284dcb520c40
                                                                • Opcode Fuzzy Hash: c9d2bc6b1f4b90143cfcf8b72833dd591a01bb31496536103f8e1994dd480a1d
                                                                • Instruction Fuzzy Hash: D9111C22B15F018EEB00DB61EC552A933A4FB69768F440E31DA6D567A4DF7CD254C340
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3778068805.00007FFDFADA1000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDFADA0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdfada0000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                                                • String ID:
                                                                • API String ID: 1624953543-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind
                                                                • String ID: csm
                                                                • API String ID: 451473138-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: abort$CreateFrameInfo
                                                                • String ID: csm
                                                                • API String ID: 2697087660-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: void$void
                                                                • API String ID: 2943138195-3746155364
                                                                APIs
                                                                  • Part of subcall function 00007FFE13388654: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE13388698
                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE13383FC0), ref: 00007FFE13384C47
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String__stdio_common_vsscanf
                                                                • String ID: %X:%X:%X:%X:%X:%X%c$bad bluetooth address
                                                                • API String ID: 3283897942-3956635471
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: FileHeader$ExceptionRaise
                                                                • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                • API String ID: 3685223789-3176238549
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779925922.00007FFE13381000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13380000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: getsockaddrlen: bad family$getsockaddrlen: unknown BT protocol
                                                                • API String ID: 1450464846-3381576205
                                                                APIs
                                                                  • Part of subcall function 00007FFE14636E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE146329EE), ref: 00007FFE14636E56
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1463F45A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: abortterminate
                                                                • String ID: csm$f
                                                                • API String ID: 661698970-629598281
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3779693689.00007FFE126D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE126D0000, based on PE: true
                                                                Similarity
                                                                • API ID: memcpy$memmove
                                                                • String ID:
                                                                • API String ID: 1283327689-0
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00007FFE14636CE9,?,?,?,?,00007FFE14640582,?,?,?,?,?), ref: 00007FFE14636E83
                                                                • SetLastError.KERNEL32(?,?,?,00007FFE14636CE9,?,?,?,?,00007FFE14640582,?,?,?,?,?), ref: 00007FFE14636F0C
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.3780038959.00007FFE14631000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE14630000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorLast
                                                                • String ID:
                                                                • API String ID: 1452528299-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000004.00000002.2155988662.00007FF7E4371000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF7E4370000, based on PE: true
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                Similarity
                                                                • API ID: Module_$Constant$String$Object$Err_$ConditionFromMask$DeallocException$Capsule_DictDict_ExitFormatInfoLongLong_MallocMem_MemoryMetaclassStartupTypeType_Unicode_UnsignedVerifyVersionmemset
                                                                • String ID: 00000000-0000-0000-0000-000000000000$00:00:00:00:00:00$00:00:00:FF:FF:FF$90DB8B89-0D35-4F79-8CE9-49EA0AC8B7CD$A42E7CDA-D03F-480C-9CC2-A4DE20ABB878$AF_APPLETALK$AF_BLUETOOTH$AF_DECnet$AF_HYPERV$AF_INET$AF_INET6$AF_IPX$AF_IRDA$AF_LINK$AF_SNA$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_NUMERICHOST$AI_NUMERICSERV$AI_PASSIVE$AI_V4MAPPED$BDADDR_ANY$BDADDR_LOCAL$BTPROTO_RFCOMM$CAPI$E0E16197-DD56-4A10-9195-5EE7A155A838$EAI_AGAIN$EAI_BADFLAGS$EAI_FAIL$EAI_FAMILY$EAI_MEMORY$EAI_NODATA$EAI_NONAME$EAI_SERVICE$EAI_SOCKTYPE$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$HVSOCKET_ADDRESS_FLAG_PASSTHRU$HVSOCKET_CONNECTED_SUSPEND$HVSOCKET_CONNECT_TIMEOUT$HVSOCKET_CONNECT_TIMEOUT_MAX$HV_GUID_BROADCAST$HV_GUID_CHILDREN$HV_GUID_LOOPBACK$HV_GUID_PARENT$HV_GUID_WILDCARD$HV_GUID_ZERO$HV_PROTOCOL_RAW$INADDR_ALLHOSTS_GROUP$INADDR_ANY$INADDR_BROADCAST$INADDR_LOOPBACK$INADDR_MAX_LOCAL_GROUP$INADDR_NONE$INADDR_UNSPEC_GROUP$IPPORT_RESERVED$IPPORT_USERRESERVED$IPPROTO_AH$IPPROTO_CBT$IPPROTO_DSTOPTS$IPPROTO_EGP$IPPROTO_ESP$IPPROTO_FRAGMENT$IPPROTO_GGP$IPPROTO_HOPOPTS$IPPROTO_ICLFXBM$IPPROTO_ICMP$IPPROTO_ICMPV6$IPPROTO_IDP$IPPROTO_IGMP$IPPROTO_IGP$IPPROTO_IP$IPPROTO_IPV4$IPPROTO_IPV6$IPPROTO_L2TP$IPPROTO_MAX$IPPROTO_ND$IPPROTO_NONE$IPPROTO_PGM$IPPROTO_PIM$IPPROTO_PUP$IPPROTO_RAW$IPPROTO_RDP$IPPROTO_ROUTING$IPPROTO_SCTP$IPPROTO_ST$IPPROTO_TCP$IPPROTO_UDP$IPV6_CHECKSUM$IPV6_DONTFRAG$IPV6_HOPLIMIT$IPV6_HOPOPTS$IPV6_JOIN_GROUP$IPV6_LEAVE_GROUP$IPV6_MULTICAST_HOPS$IPV6_MULTICAST_IF$IPV6_MULTICAST_LOOP$IPV6_PKTINFO$IPV6_RECVRTHDR$IPV6_RECVTCLASS$IPV6_RTHDR$IPV6_TCLASS$IPV6_UNICAST_HOPS$IPV6_V6ONLY$IP_ADD_MEMBERSHIP$IP_ADD_SOURCE_MEMBERSHIP$IP_BLOCK_SOURCE$IP_DROP_MEMBERSHIP$IP_DROP_SOURCE_MEMBERSHIP$IP_HDRINCL$IP_MULTICAST_IF$IP_MULTICAST_LOOP$IP_MULTICAST_TTL$IP_OPTIONS$IP_PKTINFO$IP_RECVDSTADDR$IP_RECVTOS$IP_TOS$IP_TTL$IP_UNBLOCK_SOURCE$MSG_BCAST$MSG_CTRUNC$MSG_DONTROUTE$MSG_ERRQUEUE$MSG_MCAST$MSG_OOB$MSG_PEEK$MSG_TRUNC$MSG_WAITALL$
NI_DGRAM$NI_MAXHOST$NI_MAXSERV$NI_NAMEREQD$NI_NOFQDN$NI_NUMERICHOST$NI_NUMERICSERV$RCVALL_MAX$RCVALL_OFF$RCVALL_ON$RCVALL_SOCKETLEVELONLY$SHUT_RD$SHUT_RDWR$SHUT_WR$SIO_KEEPALIVE_VALS$SIO_LOOPBACK_FAST_PATH$SIO_RCVALL$SOCK_DGRAM$SOCK_RAW$SOCK_RDM$SOCK_SEQPACKET$SOCK_STREAM$SOL_IP$SOL_SOCKET$SOL_TCP$SOL_UDP$SOMAXCONN$SO_ACCEPTCONN$SO_BROADCAST$SO_DEBUG$SO_DONTROUTE$SO_ERROR$SO_EXCLUSIVEADDRUSE$SO_KEEPALIVE$SO_LINGER$SO_OOBINLINE$SO_RCVBUF$SO_RCVLOWAT$SO_RCVTIMEO$SO_REUSEADDR$SO_SNDBUF$SO_SNDLOWAT$SO_SNDTIMEO$SO_TYPE$SO_USELOOPBACK$SocketType$TCP_FASTOPEN$TCP_KEEPCNT$TCP_KEEPIDLE$TCP_KEEPINTVL$TCP_MAXSEG$TCP_NODELAY$WSAStartup failed: error code %d$WSAStartup failed: network not ready$WSAStartup failed: requested version not supported$_socket.CAPI$error$gaierror$has_ipv6$herror$socket.gaierror$socket.herror$timeout
                                                                • API String ID: 1196102948-1188461360
                                                                • Opcode ID: 0fb31f2eee656220925b4e47e62874025d6cd115870c459d51081d29a567eca9
                                                                • Instruction ID: 91bfa21acbba39540c82c5a2f57a757e769b7907cd80300cf11b145c941c97eb
                                                                • Opcode Fuzzy Hash: 0fb31f2eee656220925b4e47e62874025d6cd115870c459d51081d29a567eca9
                                                                • Instruction Fuzzy Hash: 0AD2C329F08F1385F6108B27A81427426A2BF25FE4F8455FAC91ED6A75EF7DE224C341

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                                                • API String ID: 2322464913-730042774
                                                                • Opcode ID: b091e49e01b098b25a876694f3ea7601ad3c204f15de4486665e150d791b2536
                                                                • Instruction ID: ada479a0d365e0557a5aebaf8283800aac10ae04f8d43e00e8aedef946902e9d
                                                                • Opcode Fuzzy Hash: b091e49e01b098b25a876694f3ea7601ad3c204f15de4486665e150d791b2536
                                                                • Instruction Fuzzy Hash: 6BA150A0B18E12CAEA149F27E9402B67B65AF247A4F4090B0CD2CEA677DE5DF104C71C

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_$ErrorFormatFromHandleInformationLastLong_ModuleOccurredStringType_Windowsclosesocketgetsocknamegetsockoptmemset
                                                                • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__
                                                                • API String ID: 3363282672-2881308447
                                                                • Opcode ID: 4cb0448f202c41487222ee5ef5d738bee55fded3baec7f269166aa18e43a2a4b
                                                                • Instruction ID: 7221f780c336ebb839e86d99dfe3da14408b106666e53c5daf465e4a1780b0bf
                                                                • Opcode Fuzzy Hash: 4cb0448f202c41487222ee5ef5d738bee55fded3baec7f269166aa18e43a2a4b
                                                                • Instruction Fuzzy Hash: EDB1A566F08E8582E6508F2AD4042B97360FBA9FB4F0453B6DE5D53AB1DF3CE5A48740

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Eval_Thread$Err_$CheckDeadline_RestoreSaveSignals$InitStringTime_Timeval_clampselect
                                                                • String ID: timed out
                                                                • API String ID: 497267021-3163636755
                                                                • Opcode ID: e8d612662e15c7c42ff97858117ad99e66a695495dedd8023d3accc3127b9541
                                                                • Instruction ID: 019459ac81abd5ee688be80a05557bf265453d930a03cc2e2e8286abb393603a
                                                                • Opcode Fuzzy Hash: e8d612662e15c7c42ff97858117ad99e66a695495dedd8023d3accc3127b9541
                                                                • Instruction Fuzzy Hash: 90418125F0CE4286FA645B77A44423D6290BF64FB4F1445F3CD4D82AB5CF3CA8A98682

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                                                • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                                                • API String ID: 418579395-1608436615
                                                                • Opcode ID: e5620e990f8220b448d5b59fe45baab9dc0f6dbd4740d24abe31777b74632af3
                                                                • Instruction ID: 6f81f14403cbba25b8125af1151c966e31d11d93c934b02f5bd46af8d581acc9
                                                                • Opcode Fuzzy Hash: e5620e990f8220b448d5b59fe45baab9dc0f6dbd4740d24abe31777b74632af3
                                                                • Instruction Fuzzy Hash: 50411B36708E8696EB208B12E4406B97361FB98FA8F5002B2DA9D83B64DF3CD559C740

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Eval_Thread$CheckErr_RestoreSaveSignalsconnect
                                                                • String ID: 3'
                                                                • API String ID: 4284410693-280543908
                                                                • Opcode ID: ed0aa6f5daee608154e3db044a1abba8314d7115e20110d062241df6d74eb585
                                                                • Instruction ID: 719c435ed6e60e0005f8aca751b07f4cd2ce1872dd53e6d7f0bacf021e15fc1b
                                                                • Opcode Fuzzy Hash: ed0aa6f5daee608154e3db044a1abba8314d7115e20110d062241df6d74eb585
                                                                • Instruction Fuzzy Hash: CA315035F08F4286E7604F67A8541B92690AF68FB4F1405F6EA5E83BB6DF3CE4608644

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Bytes_SizeString$Arg_DeallocErr_FromParseResizeTuple_
                                                                • String ID: negative buffersize in recv$n|i:recv
                                                                • API String ID: 1342606314-3647384195
                                                                • Opcode ID: 29fb8dffb30c6af5d72d23fc4fc4b8e2e26d01538630a85b1ae85e9e50577ef5
                                                                • Instruction ID: 92638ce2274e94d7ea1ede7394e4cd0b0bde5c9d1228ef149d8fb91e4021e8bc
                                                                • Opcode Fuzzy Hash: 29fb8dffb30c6af5d72d23fc4fc4b8e2e26d01538630a85b1ae85e9e50577ef5
                                                                • Instruction Fuzzy Hash: FB114D75B19E4281EA148B52E440179E361FFA8FA4F0400F7D98D86BB6DF7CE168C740

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Long_Occurred$Arg_KeywordsUnpack
                                                                • String ID:
                                                                • API String ID: 591546834-0
                                                                • Opcode ID: eaa410074ab6af26ceaef7c7596cb67db9cb42dc3dbf0cc41afd0b861dd1535a
                                                                • Instruction ID: ad9d903b6470c5a7dd712bfdfe990ccfd801958d95b6ef34a59476cdc60f0860
                                                                • Opcode Fuzzy Hash: eaa410074ab6af26ceaef7c7596cb67db9cb42dc3dbf0cc41afd0b861dd1535a
                                                                • Instruction Fuzzy Hash: 1941A362B09E5242FE509B37A4543782291BF24FB4F1846F7DE1D47BA0EF7CE4648291

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_ErrorLastRelease$Arg_CheckErr_FromLong_ParseSignalsSizeSsize_tTuple_
                                                                • String ID: y*|i:send
                                                                • API String ID: 3302300731-3140140677
                                                                • Opcode ID: 95aff07904a5713212a361be42d32b99a9b670a8c5ed14225624f7d16d8b4274
                                                                • Instruction ID: aea136fe3580fec84b268327871acd3257bd85b71168774f3a954acb57867883
                                                                • Opcode Fuzzy Hash: 95aff07904a5713212a361be42d32b99a9b670a8c5ed14225624f7d16d8b4274
                                                                • Instruction Fuzzy Hash: 2A118C32718F4582E7508F26E4003AAB3A0FB98B94F1000B2EA8D83B64DF3CD458CB40

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4D3DD0: PyErr_Format.PYTHON312 ref: 00007FFE1A4D4154
                                                                • PySys_Audit.PYTHON312 ref: 00007FFE1A4D53FC
                                                                  • Part of subcall function 00007FFE1A4D4484: PyEval_SaveThread.PYTHON312 ref: 00007FFE1A4D44A2
                                                                  • Part of subcall function 00007FFE1A4D4484: connect.WS2_32 ref: 00007FFE1A4D44B5
                                                                  • Part of subcall function 00007FFE1A4D4484: PyEval_RestoreThread.PYTHON312 ref: 00007FFE1A4D44C0
                                                                  • Part of subcall function 00007FFE1A4D4484: WSAGetLastError.WS2_32 ref: 00007FFE1A4D44CE
                                                                  • Part of subcall function 00007FFE1A4D4484: WSAGetLastError.WS2_32 ref: 00007FFE1A4D44DA
                                                                  • Part of subcall function 00007FFE1A4D4484: PyErr_CheckSignals.PYTHON312 ref: 00007FFE1A4D44E7
                                                                  • Part of subcall function 00007FFE1A4D4484: WSASetLastError.WS2_32 ref: 00007FFE1A4D4501
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                • String ID: connect$socket.connect
                                                                • API String ID: 2206401578-326844852
                                                                • Opcode ID: f61d2d1e51494460e737621043c48afaf6b2b37121598ef846ec6ce56cffa346
                                                                • Instruction ID: 9434b28b99d2cf09b4e17eb36887163c5466a6b77fd7b29134f023aff308f2ad
                                                                • Opcode Fuzzy Hash: f61d2d1e51494460e737621043c48afaf6b2b37121598ef846ec6ce56cffa346
                                                                • Instruction Fuzzy Hash: 30110921758E8281EA209B22F4507B66760BB68BA4F5410F3DA4D47A6ADE2CE165C741

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 496 7ffe1a4d6894-7ffe1a4d68a8 497 7ffe1a4d68aa-7ffe1a4d68b2 496->497 498 7ffe1a4d68b8-7ffe1a4d68db send 496->498 497->498
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: send
                                                                • String ID:
                                                                • API String ID: 2809346765-0
                                                                • Opcode ID: 857e2324bf16085a4ea68c05b138027c44fdbe11cde1698f6f4c9787cdbcdc49
                                                                • Instruction ID: 127543ba2f6b114f07354373f30f3625a46467e1ffca70d496ac844b88240984
                                                                • Opcode Fuzzy Hash: 857e2324bf16085a4ea68c05b138027c44fdbe11cde1698f6f4c9787cdbcdc49
                                                                • Instruction Fuzzy Hash: E4E0DFF2F10A4582E7145B26E0402787360F719FB4F245322CA385B3E0CE38C4E1C340

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 493 7ffe1a4d62b4-7ffe1a4d62c8 494 7ffe1a4d62ca-7ffe1a4d62d2 493->494 495 7ffe1a4d62d8-7ffe1a4d62fb recv 493->495 494->495
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: recv
                                                                • String ID:
                                                                • API String ID: 1507349165-0
                                                                • Opcode ID: a704ae423db7ff80c5d8b78b9383ad9a6b728f341f5aa79d46b21ad35153d223
                                                                • Instruction ID: 14eee794d39fc74cfe6ef799cdfff32cd6c97e1f207c6f194fb9e82532770c1f
                                                                • Opcode Fuzzy Hash: a704ae423db7ff80c5d8b78b9383ad9a6b728f341f5aa79d46b21ad35153d223
                                                                • Instruction Fuzzy Hash: 9DE04FF2B10A4582D7145B56E04027873A1F719FB4F245762CA385B7E0DE38D4F1C740
                                                                APIs
                                                                • WSAGetLastError.WS2_32 ref: 00007FFE1A4D3B4A
                                                                  • Part of subcall function 00007FFE1A4D4B14: _Py_BuildValue_SizeT.PYTHON312(?,?,?,00007FFE1A4D3B5A), ref: 00007FFE1A4D4B2F
                                                                  • Part of subcall function 00007FFE1A4D4B14: PyErr_SetObject.PYTHON312(?,?,?,00007FFE1A4D3B5A), ref: 00007FFE1A4D4B44
                                                                  • Part of subcall function 00007FFE1A4D4B14: _Py_Dealloc.PYTHON312(?,?,?,00007FFE1A4D3B5A), ref: 00007FFE1A4D4B58
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A4D3B6E
                                                                • PyErr_SetFromErrno.PYTHON312 ref: 00007FFE1A4D3B84
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$BuildDeallocErrnoErrorFromLastObjectSizeValue__errno
                                                                • String ID: NOO$surrogatepass$unsupported address family
                                                                • API String ID: 316901363-472101058
                                                                • Opcode ID: b91f96f39c30ed59f8962875126381abc059683d57aa2602eb85b04b624b84c7
                                                                • Instruction ID: 482bed587aef09550c6adc427dd213fabfe6acc1ced930757fa5f31dae8b9072
                                                                • Opcode Fuzzy Hash: b91f96f39c30ed59f8962875126381abc059683d57aa2602eb85b04b624b84c7
                                                                • Instruction Fuzzy Hash: 6A817336B09E4282EA558B22A44427963A1FF65FA5F1441F6DA4E837B5EF3CF4A1C700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151941670.00007FFE1A4C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFE1A4C0000, based on PE: true
                                                                • Associated: 00000006.00000002.2151926520.00007FFE1A4C0000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151958048.00007FFE1A4C3000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151973270.00007FFE1A4C5000.00000004.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151987843.00007FFE1A4C6000.00000002.00000001.01000000.00000011.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4c0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 99395305cdb11cdb041beb820624a25ea4585affacafc0dcd255409337a1a2bc
                                                                • Instruction ID: 35955ea380cd88c5afe6130433c1b3de5cb2cdcb61fb92103e6c9080943de785
                                                                • Opcode Fuzzy Hash: 99395305cdb11cdb041beb820624a25ea4585affacafc0dcd255409337a1a2bc
                                                                • Instruction Fuzzy Hash: 20314D72708F8195EB608F66E8403F97360FB84B54F8440BADA4E47BADEF38D6588700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 012467218d5544a4534461b4b62cf789c3f5b00e1029445c7606c465824eddd2
                                                                • Instruction ID: 666dc499c246deff3cc420c09ac71565fb68ad0c4031820e6f60615cdcce24ee
                                                                • Opcode Fuzzy Hash: 012467218d5544a4534461b4b62cf789c3f5b00e1029445c7606c465824eddd2
                                                                • Instruction Fuzzy Hash: 23314D76A08F818AEB608F62E8403EDB360FB94B54F04847ADA5D57BA4DF3CD649C714
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 3d249a4d3ec741f06bccba3fca43a7136d5c4f0ed13e34deacf6695f45bbc58d
                                                                • Instruction ID: 05411ecf56e7d4eea346f2e392f58426f41dcc72e0b6665c0272c05674886904
                                                                • Opcode Fuzzy Hash: 3d249a4d3ec741f06bccba3fca43a7136d5c4f0ed13e34deacf6695f45bbc58d
                                                                • Instruction Fuzzy Hash: 3E314872608F81DAEB608F61E8403E97760FB94764F44403ADA5E67AA6DF3CD6488718
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 5130b0c2a8b4ddc3ad2379c44f9e6e14e4431d38d65cb8e8484721bef110eafb
                                                                • Instruction ID: 33badd70b1f6261bc93022f15ae25ab57d64bb51b799f7680370eea5847e5862
                                                                • Opcode Fuzzy Hash: 5130b0c2a8b4ddc3ad2379c44f9e6e14e4431d38d65cb8e8484721bef110eafb
                                                                • Instruction Fuzzy Hash: B2312A76709E818AEB608F61E8403FD6361FB94B54F4440BADA4E87BA5DF38D558C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_listen
                                                                • String ID: |i:listen
                                                                • API String ID: 3610171639-1087349693
                                                                • Opcode ID: e8d47ebe0e10a6c5cc8300ffc03bcd4294c79b16c36a614c1882deaffce03895
                                                                • Instruction ID: f7ee6eefebf1e2383500e5549a7c678d49ac64216a17bcc270873ef1414a5c8f
                                                                • Opcode Fuzzy Hash: e8d47ebe0e10a6c5cc8300ffc03bcd4294c79b16c36a614c1882deaffce03895
                                                                • Instruction Fuzzy Hash: D301E125B28E4182EA548F57E884079A371FFA5FA0F1441F6DA4E83B65DF3CE4658740

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                • API String ID: 2943138195-1482988683
                                                                • Opcode ID: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                • Instruction ID: 2f1165035a5b7931de736ceed6315a28281418fb42edb2c0aa39cd436ba9ac27
                                                                • Opcode Fuzzy Hash: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                                                • Instruction Fuzzy Hash: C6028066F18E1288FB149F6ED9505FC3AB0BB05B65F4121F7CA0D92ABADF2C9514C340

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Format$Deallochtons
                                                                • String ID: %s(): AF_HYPERV address must be tuple, not %.500s$%s(): AF_HYPERV address service_id is not a valid UUID string$%s(): AF_HYPERV address vm_id is not a valid UUID string$%s(): AF_INET address must be tuple, not %.500s$%s(): AF_INET6 address must be tuple, not %.500s$%s(): bad family$%s(): flowinfo must be 0-1048575.$%s(): port must be 0-65535.$%s(): unknown Bluetooth protocol$%s(): unsupported AF_HYPERV protocol: %d$%s(): wrong format$O&i;AF_INET address must be a pair (host, port)$O&i|II;AF_INET6 address must be a tuple (host, port[, flowinfo[, scopeid]])$UU;AF_HYPERV address must be a str tuple (vm_id, service_id)
                                                                • API String ID: 2819711985-3631354148
                                                                • Opcode ID: 2a7c56321471c2d82b95262e8f982d4fde5c20bb87aa390549c57e4e666f4892
                                                                • Instruction ID: d0f9777f517d19164d1542395be5ab78f74080a8f18225381789b190ff78047b
                                                                • Opcode Fuzzy Hash: 2a7c56321471c2d82b95262e8f982d4fde5c20bb87aa390549c57e4e666f4892
                                                                • Instruction Fuzzy Hash: 72C11975B08E4686EB108F66D8441B823B1FB68FA8F5441F7DA4D93AA5DF3CE568C300

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$String$Err_Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_Object_ParseRestoreSaveSys_TupleValue_getaddrinfo
                                                                • String ID: Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                • API String ID: 3469260611-1074899869
                                                                • Opcode ID: 2f423c6ffa71151a3adb167c7cdb8e101b5c9d8c3bce7bb13a85d95737d9847a
                                                                • Instruction ID: 744f7338838b86e50fd4beebd5c849a4b1f1881fc9e9c4a8bee87e5805d75495
                                                                • Opcode Fuzzy Hash: 2f423c6ffa71151a3adb167c7cdb8e101b5c9d8c3bce7bb13a85d95737d9847a
                                                                • Instruction Fuzzy Hash: 24C15836B08E8286EB15CF62D8545B837A1BB68FA4F1445F6DE4E92B65DF3CE464C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Size$Arg_Err_ParseRestoreSaveStringTuple_$AuditBuildDecodeS_snprintfSys_Unicode_Value_freeaddrinfogetaddrinfogetnameinfohtonl
                                                                • String ID: $(O)$IPv4 sockaddr must be 2 tuple$Oi:getnameinfo$getnameinfo() argument 1 must be a tuple$getnameinfo(): flowinfo must be 0-1048575.$si|II;getnameinfo(): illegal sockaddr argument$sockaddr resolved to multiple addresses$socket.getnameinfo$surrogatepass
                                                                • API String ID: 2526741257-243639936
                                                                • Opcode ID: 04604c1635eafd80c084e70278c0c195183a3ebb5ddeaecdd157658cd547c5cb
                                                                • Instruction ID: 5dd196d6d27a196c639c1e661c0f68dc3a7999fbe7726c05ff1041caa022b9e3
                                                                • Opcode Fuzzy Hash: 04604c1635eafd80c084e70278c0c195183a3ebb5ddeaecdd157658cd547c5cb
                                                                • Instruction Fuzzy Hash: DB812A76B08E8286EA10CB22E4401B967A1FB94FA4F1401B7DA4D87A79CF7CE555CB40
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Threadfreeaddrinfo$RestoreSavegetaddrinfoinet_ptonmemcpystrcmp$Err_Stringstrchr
                                                                • String ID: 255.255.255.255$<broadcast>$address family mismatched$unknown address family$unsupported address family$wildcard resolved to multiple address
                                                                • API String ID: 535957624-1715193308
                                                                • Opcode ID: 84e0856cd869813e583fc43c899fd160c3153486a779d11b04d7bc0fb41145c4
                                                                • Instruction ID: 592739a99fbc4909c4c9981662d3df11b84a5ccc38cb5b15921bddd019f83421
                                                                • Opcode Fuzzy Hash: 84e0856cd869813e583fc43c899fd160c3153486a779d11b04d7bc0fb41145c4
                                                                • Instruction Fuzzy Hash: 1D719131B08E4292F7608F2694442B923A1FB68FA4F5442F7DA4D93AB6CF3CE565C704
                                                                APIs
                                                                • _PyTime_FromSecondsObject.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2356
                                                                • PyErr_ExceptionMatches.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C236A
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C23B6
                                                                  • Part of subcall function 00007FFE1A4C266C: PySequence_Fast.PYTHON312(00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2694
                                                                • _PyDeadline_Init.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2471
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C24AB
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C24B4
                                                                • select.WS2_32(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C24CD
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C24D9
                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C24DF
                                                                • PyErr_CheckSignals.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C24EE
                                                                • _PyDeadline_Get.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C250B
                                                                • _PyTime_AsTimeval_clamp.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2529
                                                                • PyErr_Occurred.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2584
                                                                • PyTuple_Pack.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C259D
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C25BA
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C25D3
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C25EC
                                                                • WSAGetLastError.WS2_32(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2652
                                                                • PyErr_SetExcFromWindowsErr.PYTHON312(?,?,?,00007FFDFAC4D290,?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2664
                                                                  • Part of subcall function 00007FFE1A4C266C: PyObject_AsFileDescriptor.PYTHON312(?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C2709
                                                                  • Part of subcall function 00007FFE1A4C266C: PyErr_SetString.PYTHON312(?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C278F
                                                                  • Part of subcall function 00007FFE1A4C266C: _Py_Dealloc.PYTHON312(?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C27A3
                                                                  • Part of subcall function 00007FFE1A4C266C: _Py_Dealloc.PYTHON312(?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C27B7
                                                                  • Part of subcall function 00007FFE1A4C266C: _Py_Dealloc.PYTHON312(?,?,00007FFE1A4C22E5), ref: 00007FFE1A4C27D2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151941670.00007FFE1A4C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFE1A4C0000, based on PE: true
                                                                • Associated: 00000006.00000002.2151926520.00007FFE1A4C0000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151958048.00007FFE1A4C3000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151973270.00007FFE1A4C5000.00000004.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151987843.00007FFE1A4C6000.00000002.00000001.01000000.00000011.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4c0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$Deadline_Eval_FromStringThreadTime__errno$CheckDescriptorErrorExceptionFastFileInitLastMatchesObjectObject_OccurredPackRestoreSaveSecondsSequence_SignalsTimeval_clampTuple_Windowsselect
                                                                • String ID: timeout must be a float or None$timeout must be non-negative
                                                                • API String ID: 1581318368-2150404077
                                                                • Opcode ID: d788fc8d8f2c4c3425777ff2c68e582025ccc74bbe31b0ae76aafc8d094d01c2
                                                                • Instruction ID: 19dcd2808adbc9a0fad7816d2fe7eabdd9dc855fa228f389aeb2c35773c9da7b
                                                                • Opcode Fuzzy Hash: d788fc8d8f2c4c3425777ff2c68e582025ccc74bbe31b0ae76aafc8d094d01c2
                                                                • Instruction Fuzzy Hash: 7E911F61B08E8299EB21AF27D8541B963A0FF44FA4F8041B6DA4E476BCDF7CE655C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: BuildSizeValue_
                                                                • String ID: OiII$Unknown Bluetooth protocol$iy#
                                                                • API String ID: 1740464280-1931379703
                                                                • Opcode ID: 902a55de1e61e57d9b75f782d95346036916bf3d28d7f19c3b677d66217b6a38
                                                                • Instruction ID: 19290d87be7ffb18f4ff35d1b7aec040acb2dee467dfa282e5bf632c66a5330a
                                                                • Opcode Fuzzy Hash: 902a55de1e61e57d9b75f782d95346036916bf3d28d7f19c3b677d66217b6a38
                                                                • Instruction Fuzzy Hash: FF513F35B08E4392EA244B23E4540B96361BF65FB0F4445F6CA5E87AB6EF3CE5A5C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                • String ID: `anonymous namespace'
                                                                • API String ID: 3863519203-3062148218
                                                                • Opcode ID: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                • Instruction ID: bead5cf35a395cf4b8663ef25634e8e427853c58fc4f84ceab9f584e24e07386
                                                                • Opcode Fuzzy Hash: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                                                • Instruction Fuzzy Hash: E6E16D72A08F8299EB10CF2AE8801FD77A0FB45B59F4061B6EA8D57B65DF38D525C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_LongString$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                • API String ID: 553332449-1518367256
                                                                • Opcode ID: 83269ee791d243be0076bb43cd9e278918348ca24e3dda33455d90f1b8b1c2f8
                                                                • Instruction ID: 8312ae15b9ebf1be1fdb7cce80b1522a4405a93e1eb51774fc5a3debb9ec3e0b
                                                                • Opcode Fuzzy Hash: 83269ee791d243be0076bb43cd9e278918348ca24e3dda33455d90f1b8b1c2f8
                                                                • Instruction Fuzzy Hash: 0A617921A08F42C9EA668F27A81427D77A4FF64BB4F0841B5DD2D2A6B5DF3CE445834C
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$LongMem_String$Arg_CallocClearDeallocExceptionFreeItemKeywords_Long_Mapping_MatchesOccurredParseSizeTupleUnsigned
                                                                • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                • API String ID: 1879153319-1461672608
                                                                • Opcode ID: f4c4c6e41dfebc803be0e4ebb02aeaa3e2e4c228a037d78fce276d899d29ed1e
                                                                • Instruction ID: c55dd4dafa50e98963487e5259a387cf5d7b3ea1ef163d0d9a7e35ec02860947
                                                                • Opcode Fuzzy Hash: f4c4c6e41dfebc803be0e4ebb02aeaa3e2e4c228a037d78fce276d899d29ed1e
                                                                • Instruction Fuzzy Hash: 48516036A08F42C9EA208F12F4402A9B7A4FBA8BA4F544075CEAD17776DF3CE455C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_Release$Err_$String$From$Arg_ErrnoFormatParseSizeTuple_Unicode_inet_ntop
                                                                • String ID: invalid length of packed IP address string$iy*:inet_ntop$unknown address family %d
                                                                • API String ID: 1507301079-2822559286
                                                                • Opcode ID: 53b98e0b39da5fdef2c7c0ee4bcb4f09635da776308b6f8e1f3f5746954ec4bc
                                                                • Instruction ID: af664442c91f02b9b27033ba2d04e1d95d7b158c8c71dc97717baaf9f1903434
                                                                • Opcode Fuzzy Hash: 53b98e0b39da5fdef2c7c0ee4bcb4f09635da776308b6f8e1f3f5746954ec4bc
                                                                • Instruction Fuzzy Hash: 7C31FB65B1CE4682EA608B16E8506B923A1FFA8F64F5004F3D54EC7A76DF3DE468C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                                                • String ID: socket.gethostname
                                                                • API String ID: 1075394898-2650736202
                                                                • Opcode ID: 25ae612990bab75232c8daec9245eaa7fbb0b38a1306ba03551d9cdaf76ece37
                                                                • Instruction ID: 2d70ba532a292e36ccc6e75889200f1d96707d2f26bd033d2d62baa58cf2edb9
                                                                • Opcode Fuzzy Hash: 25ae612990bab75232c8daec9245eaa7fbb0b38a1306ba03551d9cdaf76ece37
                                                                • Instruction Fuzzy Hash: 35312525B0CF4282E7249B23A91427A63A2FFA9FA5F5444F7D54EC6BB5DF3CE4148600
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FreeTable$Err_FromList_Windows$AppendBuildConvertInterfaceLuidNameSizeTable2Value_memcpy
                                                                • String ID:
                                                                • API String ID: 1684791173-0
                                                                • Opcode ID: 6e5f08eccdd5b29cfe341dff8070fb2ed0092c75082b83863e899f864d342429
                                                                • Instruction ID: cfdd7d9b04584b03a9c14b014e664904df0306443338c7538b4b16e114a917ba
                                                                • Opcode Fuzzy Hash: 6e5f08eccdd5b29cfe341dff8070fb2ed0092c75082b83863e899f864d342429
                                                                • Instruction Fuzzy Hash: 09412E35B08E4282FB669B22E85437973A1EFA5F65F0544F6C94E82AB5DF3CE4648700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::$Name::operator+atolswprintf_s
                                                                • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                • API String ID: 2331677841-2441609178
                                                                • Opcode ID: 04052d8e5626c1f24672c52f4d573e3506f88365006a7f318b5907256fbad706
                                                                • Instruction ID: 5471f19570d1ee83d7182e714f7ef01c2030f9fdde7a2e540bad0272dd722c33
                                                                • Opcode Fuzzy Hash: 04052d8e5626c1f24672c52f4d573e3506f88365006a7f318b5907256fbad706
                                                                • Instruction Fuzzy Hash: 05F1A362F0CE1288FB249B6E95551FC27A0AF55F6AF5020F7DE4D16AB5DF3CA5288300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                • String ID: argument 'data'$contiguous buffer$decompress
                                                                • API String ID: 883004049-2667845042
                                                                • Opcode ID: bd01afbcdf428c3c6fd1533d6da37d25cba52a063e969e166f86159c4183e5fb
                                                                • Instruction ID: 9e65a5389bfa6924f535dc3356bc785296b5d8977155c88d1cfb60bb08a0c783
                                                                • Opcode Fuzzy Hash: bd01afbcdf428c3c6fd1533d6da37d25cba52a063e969e166f86159c4183e5fb
                                                                • Instruction Fuzzy Hash: C9418022A08F428AEA518F13E44027D7BA5FB69BA0F4441B1DE6D2B7B5DF3CE405C708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_BufferContiguousIndexKeywordsLong_Number_Object_ReleaseSsize_tUnpackmemset
                                                                • String ID: argument 'data'$contiguous buffer$decompress
                                                                • API String ID: 2593461735-2667845042
                                                                • Opcode ID: 765b22e1d0c43746eefacce39cc61ecbcbbe27cbcf58c331b942709e186efdb8
                                                                • Instruction ID: af36f23ad89d5d41c951698ff80e7183b0af1196220fcafda224e8e90464a6b3
                                                                • Opcode Fuzzy Hash: 765b22e1d0c43746eefacce39cc61ecbcbbe27cbcf58c331b942709e186efdb8
                                                                • Instruction Fuzzy Hash: 69415B22A18F468AEA509B13D4446B8A3A0FB68FB4F44C171DD6D677B4DF3CE549C704
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_ParseSizeTuple_$Ioctl$Err_FormatFromLongLong_Unsigned
                                                                • String ID: invalid ioctl command %lu$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                                                • API String ID: 1148432870-4238462244
                                                                • Opcode ID: 3f76204c42d358388be91a2e0fa01af582f79ca479d8e6d2f391cea6ebf1b823
                                                                • Instruction ID: 5a421316eb14cf6f0f77b56f2afa3ab0b6f0a5f5979e641b72cc8b1a64236551
                                                                • Opcode Fuzzy Hash: 3f76204c42d358388be91a2e0fa01af582f79ca479d8e6d2f391cea6ebf1b823
                                                                • Instruction Fuzzy Hash: 0B512E31B18E4289E750CB76E8405FD33B1FB58B68F5401B6EA4D97A68DF38D564C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Bytes_String$DeallocErr_Size
                                                                • String ID: encoding of hostname failed$host name must not contain null character$idna$str, bytes or bytearray expected, not %s
                                                                • API String ID: 2522550923-2120988924
                                                                • Opcode ID: 4bff7bdefa987b91148ee3b18d677af03c6520adca83e4b60bb055ec74d24b36
                                                                • Instruction ID: b77c8facfdc089531f0447b1ecb4a9dcdb5fc4b939e01621c322727bccf100d3
                                                                • Opcode Fuzzy Hash: 4bff7bdefa987b91148ee3b18d677af03c6520adca83e4b60bb055ec74d24b36
                                                                • Instruction Fuzzy Hash: 66414D35B19F4282EB548B17E4503B823A1EB64FA4F2455F2CA5E877A2DF3CE4B58300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: SizeTuple_$Arg_Buffer_ParseRelease$AuditErr_FormatFromLong_Ssize_tSys_
                                                                • String ID: sendto$sendto() takes 2 or 3 arguments (%zd given)$socket.sendto$y*O:sendto$y*iO:sendto
                                                                • API String ID: 3528750861-2448770124
                                                                • Opcode ID: 0194c0e6244d6a72a08d98085803f7896a3b58e6dc587eada0c3a2fa3e416755
                                                                • Instruction ID: c2a2de0d304e499812577f5c13fd17a790bc8a53cfbd2c9a52588646c0b93329
                                                                • Opcode Fuzzy Hash: 0194c0e6244d6a72a08d98085803f7896a3b58e6dc587eada0c3a2fa3e416755
                                                                • Instruction Fuzzy Hash: D741FC35718E4685EB10CF66E8502BA77A5FB98B98F5001B3DA8D83B68DF7CD518C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockTupleType_
                                                                • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                • API String ID: 1600877341-3984722346
                                                                • Opcode ID: 1e688a17dabf5163ed9c27b377d890ab5408a498247c306a90725e182f9f5b69
                                                                • Instruction ID: 3c6104e981f12dc98862fc2b481b6e8b5c96c191ad70a71d21303b6d75269d09
                                                                • Opcode Fuzzy Hash: 1e688a17dabf5163ed9c27b377d890ab5408a498247c306a90725e182f9f5b69
                                                                • Instruction Fuzzy Hash: 19612932E08F12CDEB508B26E8400B877A5FB68BA8B540572DE2D67769DF3CD545C748
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                • API String ID: 2943138195-0
                                                                • Opcode ID: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                                                • Instruction ID: 0b919e3f86e7e45364469907f048677035d811bbb94f862b236026428db8a618
                                                                • Opcode Fuzzy Hash: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                                                • Instruction Fuzzy Hash: 14F19B76B08A829DF700DF6AE4901FC37B0EB05B5DB4450B3DA4D57AA9DE38D926C340
                                                                APIs
                                                                • PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310B81
                                                                • PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310B9B
                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310BB0
                                                                • PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310BC7
                                                                • PyErr_ExceptionMatches.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310C40
                                                                • PyErr_Format.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310C89
                                                                • PyErr_SetString.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310CA2
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13315D3A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                • API String ID: 1881886752-3390802605
                                                                • Opcode ID: 0c5f6f5e7484fbb015a79b71ea40a48de156ee4d8636223415d5697c2780f545
                                                                • Instruction ID: ff14f56372c3ab89f6f5dfd95314e71ed4a841016e7e76143313142c18dbfe07
                                                                • Opcode Fuzzy Hash: 0c5f6f5e7484fbb015a79b71ea40a48de156ee4d8636223415d5697c2780f545
                                                                • Instruction Fuzzy Hash: C5411231B08E03C9EA658F17E454139A7A0FF65BA4F0480B1CA6E6A772DE3CE491C70C
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_AuditErr_FreeMem_ParseSizeStringSys_Tuple_
                                                                • String ID: et:gethostbyaddr$idna$socket.gethostbyaddr$unsupported address family
                                                                Similarity
                                                                • API ID: Buffer_Release$Size$Arg_BuildDeallocErr_Keywords_ParseStringTupleValue_
                                                                • String ID: nbytes is greater than the length of the buffer$negative buffersize in recvfrom_into$w*|ni:recvfrom_into
                                                                Similarity
                                                                • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                                                • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                                                Similarity
                                                                • API ID: Err_$MemoryString
                                                                • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_AuditErr_FromLongLong_ParseRestoreSaveSizeStringSys_Tuple_getservbynamehtons
                                                                • String ID: service/proto not found$socket.getservbyname$s|s:getservbyname
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                Similarity
                                                                • API ID: Replicator::operator[]
                                                                • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                Similarity
                                                                • API ID: Bytes_FromSizegetsockopt$Arg_DeallocLongLong_ParseResizeStringTuple_
                                                                • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                Similarity
                                                                • API ID: Mem_$memcpy$Bytes_DeallocErr_FreeFromMallocNoneReallocSizeStringmemmove
                                                                • String ID:
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                Similarity
                                                                • API ID: Buffer_Err_Release$Arg_CheckDeadline_ParseSignalsSizeStringTuple_
                                                                • String ID: timed out$y*|i:sendall
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 190073905-0
                                                                • Opcode ID: 2eaa67de80a121e031fad50f9f59be50fff6b26d2a98fc10d8919c7430d16f7e
                                                                • Instruction ID: f43143037a2af97f04912535e28e7551c494a7f8a4de1400c6edfabb630b5a6b
                                                                • Opcode Fuzzy Hash: 2eaa67de80a121e031fad50f9f59be50fff6b26d2a98fc10d8919c7430d16f7e
                                                                • Instruction Fuzzy Hash: C6817021E0CE434DF654AB5794452B9A6A0AF75FA0F44C0B5E96CB73B2DE3CE4478708
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 190073905-0
                                                                • Opcode ID: 425fd5ac1271bb133272e3ab21a2143b35eb579dd60372998353d793c77f0ddb
                                                                • Instruction ID: b8b10102cacda8275ee5a3c3bb94186a91cfc485986e6cb90c5716a250ee066a
                                                                • Opcode Fuzzy Hash: 425fd5ac1271bb133272e3ab21a2143b35eb579dd60372998353d793c77f0ddb
                                                                • Instruction Fuzzy Hash: 9E81E121E0CE03CDFA609B2794412796AA1AF75BB0F4480B5E92C777B7DE7CE8058708
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 190073905-0
                                                                • Opcode ID: 91504536c4c753e82cdbe588412995d0809db0d3d25c664ce5a0f1fe9eeb7b4f
                                                                • Instruction ID: 9425271022127b14d54fc9d797e5b70d0b6eebed08a9bb209336892adbd7116d
                                                                • Opcode Fuzzy Hash: 91504536c4c753e82cdbe588412995d0809db0d3d25c664ce5a0f1fe9eeb7b4f
                                                                • Instruction Fuzzy Hash: CC81AD31F08E4386FA60AB6794412B96291AFA5FB0F5440F7DA0C977B6DF7CE8658700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Mem_memcpy$Bytes_DeallocFromMallocReallocSizeString
                                                                • String ID:
                                                                • API String ID: 2377850682-0
                                                                • Opcode ID: 41b2a13bf521d5b7757f118eec8ced83366289b083df3c13bbfcfecfc1a8147d
                                                                • Instruction ID: dae0c7c2de2014b1312167120a1c26a0bab66a2500f21d63b83ce616d0b8a653
                                                                • Opcode Fuzzy Hash: 41b2a13bf521d5b7757f118eec8ced83366289b083df3c13bbfcfecfc1a8147d
                                                                • Instruction Fuzzy Hash: 68513732A09F8289EA149F239444279A2A4FB64FB4F18C475DEAD66764DF3CE0558309
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Long$Err_FromLong_Socketclosesocket$CurrentDuplicateHandleInformationOccurredProcessWindows
                                                                • String ID:
                                                                • API String ID: 3394293678-0
                                                                • Opcode ID: 4c347251b0cb3e997720691e5f1e8047ee37cb6823bc12014edeb51918814818
                                                                • Instruction ID: d87c6fb586d34dfeba6562ef7b868873682972227070a64057e262d44a30d900
                                                                • Opcode Fuzzy Hash: 4c347251b0cb3e997720691e5f1e8047ee37cb6823bc12014edeb51918814818
                                                                • Instruction Fuzzy Hash: 61212925B19F8241FA149B33A81877D2291AF65FB4F0407F6D86E867F5EF3CE4548600
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 211107550-393685449
                                                                • Opcode ID: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                • Instruction ID: 539e5dce937855c054775bf89cc8f801e92793dfe13add888d407c127115af89
                                                                • Opcode Fuzzy Hash: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                                                • Instruction Fuzzy Hash: 80E1AF73A08B828AE7509F3AD4802FD77A0FB45B69F1011B6DE9D57666CF38E591C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: %d work, %d block, ratio %5.2f$ too repetitive; using fallback sorting algorithm$VUUU
                                                                • API String ID: 711238415-2988393112
                                                                • Opcode ID: c9a2b1f2fff8b693f84e6fade5b350d543d714228db9c5a9fe61d7526b9c9b01
                                                                • Instruction ID: 900881e2a692d4f3e4be50117181fe0cf56327b900b4cdbd1cb0ce920f38f484
                                                                • Opcode Fuzzy Hash: c9a2b1f2fff8b693f84e6fade5b350d543d714228db9c5a9fe61d7526b9c9b01
                                                                • Instruction Fuzzy Hash: 2C41A432E08A418BE614AF26D445178B3A5FBA8F64F109376DE5E637B6DF3CD4828704
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151941670.00007FFE1A4C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFE1A4C0000, based on PE: true
                                                                • Associated: 00000006.00000002.2151926520.00007FFE1A4C0000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151958048.00007FFE1A4C3000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151973270.00007FFE1A4C5000.00000004.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151987843.00007FFE1A4C6000.00000002.00000001.01000000.00000011.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4c0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                                                • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                                                • API String ID: 3320488554-3996108163
                                                                • Opcode ID: 663c9d7e54148f1ae31ea019f9802c07c2ccdac2675d68113b08dfc84bed29b7
                                                                • Instruction ID: 25331bbf132676854c5c237850400e37a49ef93d979f8a3ff54f22672dbdec2a
                                                                • Opcode Fuzzy Hash: 663c9d7e54148f1ae31ea019f9802c07c2ccdac2675d68113b08dfc84bed29b7
                                                                • Instruction Fuzzy Hash: DF416D76B09F1285EB149F16E58417873A1FB94FB4F9042B2CA5E437A8DF78E464C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                • API String ID: 2943138195-2239912363
                                                                • Opcode ID: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                • Instruction ID: 2e94645da66a4ae6e83184eabb20eb62a7ea2f3734a9f94829ea3183d40d1a2a
                                                                • Opcode Fuzzy Hash: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                                                • Instruction Fuzzy Hash: 8E514A62F08F5188FB118B6AE8406FC3BB0BB49B6AF4451F7DA4D12AA5DF3C9164C714
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                • String ID: argument$compress$contiguous buffer
                                                                • API String ID: 1731275941-2310704374
                                                                • Opcode ID: 14121d2eb2f0784b8e94f491fcd0c9020d2f8b8e0951888bcb593b8e05aee52d
                                                                • Instruction ID: c279009ba33f63c4f6b98a457dafcedb5af50a6f5366ba24826ef42f9c98d0eb
                                                                • Opcode Fuzzy Hash: 14121d2eb2f0784b8e94f491fcd0c9020d2f8b8e0951888bcb593b8e05aee52d
                                                                • Instruction Fuzzy Hash: 54119322B18E4295EB10DB27E4442B9A360FF68FA4F94C171D96DA3674DF3CD649C704
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                • String ID: argument$compress$contiguous buffer
                                                                • API String ID: 1731275941-2310704374
                                                                • Opcode ID: e49fcee8418d40925be70ffaeb55ce411285ea8029e7bf477f1f0c24e54d7857
                                                                • Instruction ID: 86d61b786d589116147827ba6a5b12a50496472530ae3c61d5ce91c0a1a80655
                                                                • Opcode Fuzzy Hash: e49fcee8418d40925be70ffaeb55ce411285ea8029e7bf477f1f0c24e54d7857
                                                                • Instruction Fuzzy Hash: F0119362B08E46C5EB20CF27E4402B96760FBA8B94F944171DA6D67635DF3CD54AC708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Time_$Err_FromSecondsString$MillisecondsObjectTimeval
                                                                • String ID: Timeout value out of range$timeout doesn't fit into C timeval
                                                                • API String ID: 4240314503-2798848688
                                                                • Opcode ID: c3110628e0ff8c45ed48e6e42bc6a9de53dce8f64d393fbe66996934f00f37bc
                                                                • Instruction ID: 9ef813680980977f0758b112fab839694b55a75a80e669c05aaef59ce2a55a16
                                                                • Opcode Fuzzy Hash: c3110628e0ff8c45ed48e6e42bc6a9de53dce8f64d393fbe66996934f00f37bc
                                                                • Instruction Fuzzy Hash: BB113025B08E0282FB514B67D8602743352AFA5FB4F1046F6D92EC7BF1DE6CE4648340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_getprotobyname
                                                                • String ID: protocol not found$s:getprotobyname
                                                                • API String ID: 862796068-630402058
                                                                • Opcode ID: 5e26fb8bbdc9310467d939e6e5269e35e791270880cd3d67430df1cfafc901d3
                                                                • Instruction ID: c8814c5f6f8dd41631827312299bec79876213a18f2ee12a7d2d869325aaa8a8
                                                                • Opcode Fuzzy Hash: 5e26fb8bbdc9310467d939e6e5269e35e791270880cd3d67430df1cfafc901d3
                                                                • Instruction Fuzzy Hash: 24011E29B18E4282DA549B23E94417963A1FBA8FA1F5404F7CA4EC3B75DF3CD0648700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: SizeString$Arg_Bytes_Err_FromParseTuple_inet_addrstrcmp
                                                                • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                                                • API String ID: 717551241-4110412280
                                                                • Opcode ID: 084e9850ab497b4604530a89a794d3b40a20c62355ffc3e93d442b1fc817a547
                                                                • Instruction ID: 44eca1369f662e13ab67c61c93052ce2f6fb02ab196894d5d669f993ad8d5fee
                                                                • Opcode Fuzzy Hash: 084e9850ab497b4604530a89a794d3b40a20c62355ffc3e93d442b1fc817a547
                                                                • Instruction Fuzzy Hash: 92011A64B08D0282FA109B26E8500792372EFA5FB4F5401F7D61DC66B5DF3DE469C740
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$ErrorFromLastLongclosesocket$CheckHandleInformationLong_SignalsStringWindowsmemset
                                                                • String ID:
                                                                • API String ID: 205095079-0
                                                                • Opcode ID: 7e2d04470de31f4351b15ac443bcd17531285cff5ddf6e7177ad4701d4908fb7
                                                                • Instruction ID: ec9539ff2de846d03f3c656a3120c219704e74b71c32b3f9b3ae44dcb57f2539
                                                                • Opcode Fuzzy Hash: 7e2d04470de31f4351b15ac443bcd17531285cff5ddf6e7177ad4701d4908fb7
                                                                • Instruction Fuzzy Hash: 77415335B0CF8281EA259B22E4443B963A1FF55FA4F0440B6DA8D46B65DF3DE0618780
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                • API String ID: 1852475696-928371585
                                                                • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                • Instruction ID: 1bd7c864fe40f243d8e0b58faaefa6600444b324015d6c24d6aa137f39a01b31
                                                                • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                                                • Instruction Fuzzy Hash: 3651A462B19E8692EE20CB2AE9501F9A360FF44FA5F0054B3DA4D43679EF3CE115C700
                                                                APIs
                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133124B8
                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133124FC
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE13312518
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE13312567
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                • String ID: Unable to allocate output buffer.
                                                                • API String ID: 76732796-2565006440
                                                                • Opcode ID: dfc50fe1e76f4b95923bb712c602e591bc04f2612fcca18cafc909a29d1c47b1
                                                                • Instruction ID: b2d66fabada7d5e0552adacf71ce8d10482b3b87a1b2d277ddb5e592b10508cc
                                                                • Opcode Fuzzy Hash: dfc50fe1e76f4b95923bb712c602e591bc04f2612fcca18cafc909a29d1c47b1
                                                                • Instruction Fuzzy Hash: 0C4141B6A05E02C9EB558F57D49026977A0FB68FA4F144472CE2D67766CF3CE491C308
                                                                APIs
                                                                • PyDict_New.PYTHON312(?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13310849
                                                                  • Part of subcall function 00007FFE13310970: PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13310988
                                                                  • Part of subcall function 00007FFE13310970: PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13310999
                                                                  • Part of subcall function 00007FFE13310970: PyDict_SetItem.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE133109B4
                                                                • PyErr_Format.PYTHON312(?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13315C50
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13315C6C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dict_FromLong$DeallocErr_FormatInternItemLong_StringUnicode_Unsigned
                                                                • String ID: Invalid filter ID: %llu$dict_size$dist$start_offset
                                                                • API String ID: 1484310907-3368833446
                                                                • Opcode ID: 2bf5425971416fcf604516447e7ff1f6a8227c031248f9865350739be3ef4e27
                                                                • Instruction ID: e39a6c2c476d7cfa532ba2a6b04c061272649d4e0f9e87cfc65fd3354af61d4d
                                                                • Opcode Fuzzy Hash: 2bf5425971416fcf604516447e7ff1f6a8227c031248f9865350739be3ef4e27
                                                                • Instruction Fuzzy Hash: BD412B31B08E03C9FA248F17D9501786760AF65BB4F1841B2CA3D6A6B2DF3CA4A5C708
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A4F71A3,?,?,00000000,00007FFE1A4F6FD4,?,?,?,?,00007FFE1A4F6D11), ref: 00007FFE1A4F7069
                                                                • GetLastError.KERNEL32(?,?,?,00007FFE1A4F71A3,?,?,00000000,00007FFE1A4F6FD4,?,?,?,?,00007FFE1A4F6D11), ref: 00007FFE1A4F7077
                                                                • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE1A4F71A3,?,?,00000000,00007FFE1A4F6FD4,?,?,?,?,00007FFE1A4F6D11), ref: 00007FFE1A4F7090
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A4F71A3,?,?,00000000,00007FFE1A4F6FD4,?,?,?,?,00007FFE1A4F6D11), ref: 00007FFE1A4F70A2
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FFE1A4F71A3,?,?,00000000,00007FFE1A4F6FD4,?,?,?,?,00007FFE1A4F6D11), ref: 00007FFE1A4F7110
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FFE1A4F71A3,?,?,00000000,00007FFE1A4F6FD4,?,?,?,?,00007FFE1A4F6D11), ref: 00007FFE1A4F711C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                • String ID: api-ms-
                                                                • API String ID: 916704608-2084034818
                                                                • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                • Instruction ID: c446bb7c454f4d917a9fc4fa11935df290a90d828db8493095cb23a6a8cb403d
                                                                • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                                                • Instruction Fuzzy Hash: B7319E21B1AE4295EE11DB0BA8006BA2394FF48FB5F1955F6ED1D8B3A1EF3CE5548300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                • API String ID: 1563898963-3455802345
                                                                • Opcode ID: ff338362e5abe2334e11cb080246bf7f77446c403590bc40d540ec3316304a65
                                                                • Instruction ID: 042823891d98c357de428c0d8f64c8928bd9e705ac926ef8374489e0afe53615
                                                                • Opcode Fuzzy Hash: ff338362e5abe2334e11cb080246bf7f77446c403590bc40d540ec3316304a65
                                                                • Instruction Fuzzy Hash: 5D313C22A08F4289EE148B27E904269A3A1EB64FF5F14C671E93D677B4DF3DE5418304
                                                                APIs
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFE13314D6B,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133163B8
                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFE13314D6B,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE1331641B
                                                                • PyList_Append.PYTHON312(?,?,?,00007FFE13314D6B,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE1331642F
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE13314D6B,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE1331644B
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE13314D6B,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE13316464
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                • API String ID: 1563898963-3455802345
                                                                • Opcode ID: 580d003c13f45ba0d3f5d519e6676035726d1c9c5441bda9205d6986d50f6f75
                                                                • Instruction ID: 613aee5f22812084ce744c62640ade488a583967db60b22a704b561592795782
                                                                • Opcode Fuzzy Hash: 580d003c13f45ba0d3f5d519e6676035726d1c9c5441bda9205d6986d50f6f75
                                                                • Instruction Fuzzy Hash: B8313822A08F42C9EA148B67E94412863A1FB64BF4F1446B1DE3D677B6DF3CE4859308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_KeywordsLong_ModuleModule_StateType_
                                                                • String ID: BZ2Compressor
                                                                • API String ID: 694278274-1096114097
                                                                • Opcode ID: c29017a166be628f3c043c4071bfaebd4dc5a5912452c5fe267a8d3f159135bf
                                                                • Instruction ID: 2d5146a88e487c4e27adabe6a18d1d57cfe9352a8249a75c11fa781657f33401
                                                                • Opcode Fuzzy Hash: c29017a166be628f3c043c4071bfaebd4dc5a5912452c5fe267a8d3f159135bf
                                                                • Instruction Fuzzy Hash: 5F216531A0CE068DEA545B17D840279A3A0EB64FA0F4981B1DD6DE77B5DF7CE455C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lockmemcpy
                                                                • String ID: End of stream already reached
                                                                • API String ID: 180092378-3466344095
                                                                • Opcode ID: 309d9335925c998c01d05fe5717c16006e6c4eec569cf43e6d0882e4142690fe
                                                                • Instruction ID: cf77ede572cebcdcf23ff6f8c57de4a681a9f175f3535afa3846869db8763f43
                                                                • Opcode Fuzzy Hash: 309d9335925c998c01d05fe5717c16006e6c4eec569cf43e6d0882e4142690fe
                                                                • Instruction Fuzzy Hash: D0112166A08E4189EA14DB63E844269A760FB98FE0F08C071DE2E53775CF3CE4558314
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                • String ID: Already at end of stream
                                                                • API String ID: 2195683152-1334556646
                                                                • Opcode ID: 3eb67ee195b5bbe57a7cea297c8508a8a17e06b17122ceb0a36300f9ddcb8c56
                                                                • Instruction ID: 1d8aed86a155967efa4314e7d07280b5587dfb41c2224888da8900f754a31d97
                                                                • Opcode Fuzzy Hash: 3eb67ee195b5bbe57a7cea297c8508a8a17e06b17122ceb0a36300f9ddcb8c56
                                                                • Instruction Fuzzy Hash: DA113A22A08E81C9EA449B53E84416D7765FB98FE0F0850B1DE2E67775CF3CE455C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lock
                                                                • String ID: Compressor has been flushed
                                                                • API String ID: 1906554297-3904734015
                                                                • Opcode ID: 44824e688ac5818207e66a8fa07d8ee67426f91ffe2dff722fcdce01adc47589
                                                                • Instruction ID: ea17a204cf03968ada8436d27325be1b85ae4f0cb44c3b8d48a506f071a6bb53
                                                                • Opcode Fuzzy Hash: 44824e688ac5818207e66a8fa07d8ee67426f91ffe2dff722fcdce01adc47589
                                                                • Instruction Fuzzy Hash: 4C113A32A08E4286EA14DB13F844179A360FB98FE0B049072DE6EA7B74CF3CE491C344
                                                                APIs
                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFE13308536), ref: 00007FFE13309036
                                                                • PyThread_release_lock.PYTHON312(?,?,?,00007FFE13308536), ref: 00007FFE13309068
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FFE13308536), ref: 00007FFE13309098
                                                                  • Part of subcall function 00007FFE13308564: PyType_GetModuleState.PYTHON312 ref: 00007FFE1330859D
                                                                  • Part of subcall function 00007FFE13308564: PyBytes_FromStringAndSize.PYTHON312 ref: 00007FFE133085B1
                                                                  • Part of subcall function 00007FFE13308564: PyList_New.PYTHON312 ref: 00007FFE133085C8
                                                                  • Part of subcall function 00007FFE13308564: PyEval_SaveThread.PYTHON312 ref: 00007FFE13308619
                                                                  • Part of subcall function 00007FFE13308564: PyEval_RestoreThread.PYTHON312 ref: 00007FFE13308633
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00007FFE13308536), ref: 00007FFE13314F44
                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FFE13308536), ref: 00007FFE13314F59
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00007FFE13308536), ref: 00007FFE13314F62
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                • String ID: Compressor has been flushed
                                                                • API String ID: 3871537485-3904734015
                                                                • Opcode ID: 7a7077e9134b2479d70bc0b55754877c5396126443336fd8736004c065fe7fd0
                                                                • Instruction ID: 9bc30374faf22082f8e206b77cd53400ad900c129e192c9e8b939437f5f71c46
                                                                • Opcode Fuzzy Hash: 7a7077e9134b2479d70bc0b55754877c5396126443336fd8736004c065fe7fd0
                                                                • Instruction Fuzzy Hash: 56112E21A08E81C9E694CB13E9442697765FB98FD0F045071DE6D67B35CF3CD055C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_SizeThread_release_lock
                                                                • String ID: Repeated call to flush()
                                                                • API String ID: 3236580226-194442007
                                                                • Opcode ID: 5871bef96599481079b609c1d245c472c7a68676c479b15d6616a7a45fe64ed0
                                                                • Instruction ID: 1ccbc46e978591721fcee3fe06fef01014cf7ae60b9a36aba74806e11618cb28
                                                                • Opcode Fuzzy Hash: 5871bef96599481079b609c1d245c472c7a68676c479b15d6616a7a45fe64ed0
                                                                • Instruction Fuzzy Hash: 1E114F32A0CE5286EA149B13E544179A360FB98FA0F048171DE2DA3B74CF3CE496C344
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                • String ID: Repeated call to flush()
                                                                • API String ID: 3871537485-194442007
                                                                • Opcode ID: a4197e1cdbd251bead5eb9b1989463c00a4a401fc08ccf7e864d5c68d6b91325
                                                                • Instruction ID: 9b8b9c5cc5e53b9b74b9d880165f011aa39cbffe92a0e6a13de9f6fab673ce5d
                                                                • Opcode Fuzzy Hash: a4197e1cdbd251bead5eb9b1989463c00a4a401fc08ccf7e864d5c68d6b91325
                                                                • Instruction Fuzzy Hash: A0114221A08E82CAEA548B17E8442797761FB98FA0F045170DE2D67775CF3CE056C708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                • String ID: htons: Python int too large to convert to C 16-bit unsigned integer$htons: can't convert negative Python int to C 16-bit unsigned integer$i:htons
                                                                • API String ID: 1102113319-997571130
                                                                • Opcode ID: 6fe04cd82cc3000d18dcf2e81bb2daf4d1c2563f8a0b84c539f7a4416ede929e
                                                                • Instruction ID: 13ddb64e20c050f83a5bbdc147ae0dc0d6bd29f0bcfc3aca50c20b718dac5019
                                                                • Opcode Fuzzy Hash: 6fe04cd82cc3000d18dcf2e81bb2daf4d1c2563f8a0b84c539f7a4416ede929e
                                                                • Instruction Fuzzy Hash: 0FF0E765B08E8391EA648B17E8911782362AFA5F65F9044F7C54EC69B1CF2CE828C310
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1501936508-0
                                                                • Opcode ID: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                • Instruction ID: 2bd58ecf0a99183ac0ad73353b5a0a8f8b2ccf9d8525686b023c6fa2ed292352
                                                                • Opcode Fuzzy Hash: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                                                • Instruction Fuzzy Hash: 2B51C131B0EF8281FAA59B1A95446BD6394AF54FB2B0550F7CE4E067B5DF3CE4628300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$AdjustPointer
                                                                • String ID:
                                                                • API String ID: 1501936508-0
                                                                • Opcode ID: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                • Instruction ID: 48e8fae50e63722f0a3b787569287ca0146316ff1a0b7334992c846f67b42db1
                                                                • Opcode Fuzzy Hash: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                                                • Instruction Fuzzy Hash: 83511321B1EE4281EAA5CB0BD5406BD6394AF48FB2F1960F7DA4D063B8CF3CE4618710
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: {for
                                                                • API String ID: 2943138195-864106941
                                                                • Opcode ID: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                • Instruction ID: 5865eaca803ed4b5c6a88e36361268ca3e59d928ae09a6687cba9ff7607c4890
                                                                • Opcode Fuzzy Hash: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                                                • Instruction Fuzzy Hash: 95514972B09E86A9E7119F2AD4413F837A0EB45F5AF8090F2EA4C47AA5DF7CD565C300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                • String ID:
                                                                • API String ID: 2831925710-0
                                                                • Opcode ID: cae30496bc2a9274937e9c345c6c18388f66ce03b5df9a1d955108f12d730ff2
                                                                • Instruction ID: 0fa44b54b0eb671ba7fa1db58ab0edb24a9481b6e4f3889621957987290698e7
                                                                • Opcode Fuzzy Hash: cae30496bc2a9274937e9c345c6c18388f66ce03b5df9a1d955108f12d730ff2
                                                                • Instruction Fuzzy Hash: D3519222A09F46CAEA608B16D44016D67A4FB68B70F550275DFAD277A2DF3CE451C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                • String ID: Unable to allocate output buffer.
                                                                • API String ID: 76732796-2565006440
                                                                • Opcode ID: 192d9c9cdf7fb7c81c0bae171a6cbb097aeaf5356c6e4851a41644aa9c401917
                                                                • Instruction ID: 5dcdcfe626ade5830eb2d65e81b4aeae2ca155f2328a81523a802b2c1a80795e
                                                                • Opcode Fuzzy Hash: 192d9c9cdf7fb7c81c0bae171a6cbb097aeaf5356c6e4851a41644aa9c401917
                                                                • Instruction Fuzzy Hash: 71410A76A09E06C9EB198F17C440369A7A0FB69FA4F188472DE2D67764CF3DE491C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::atol
                                                                • String ID: `template-parameter$void
                                                                • API String ID: 2130343216-4057429177
                                                                • Opcode ID: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                • Instruction ID: bf5fb68153274147986fdef6d1e806d4c82b8d4ec1e8a382c973a853d9afc0ae
                                                                • Opcode Fuzzy Hash: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                                                • Instruction Fuzzy Hash: 3B416B61F08F5188FB108BAAD9512FD3370BB48FA9F5511B6CE0C56669EF7C91558340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+Replicator::operator[]
                                                                • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                • API String ID: 1405650943-2211150622
                                                                • Opcode ID: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                • Instruction ID: 4fc201280fbf2c8c59e5ec4e4d027463f11c6f6ca47708178dcee27fa55ae43e
                                                                • Opcode Fuzzy Hash: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                                                • Instruction Fuzzy Hash: 4B414871B08E528CF7028B2AE8402FC3BA0BB49B69F8455F2CA4C1A365DF7CA550C350
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: char $int $long $short $unsigned
                                                                • API String ID: 2943138195-3894466517
                                                                • Opcode ID: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                • Instruction ID: ee595df804db83f18933e903a3e5ac204c1a878a8e4430cd0a516e289bd1b7e1
                                                                • Opcode Fuzzy Hash: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                                                • Instruction Fuzzy Hash: A1314A32B19E5188E7168B6ED8501FC3BB2BB09B6AF4491F2DA4D46B79DF3C9514C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_StringThread_allocate_lockmemset
                                                                • String ID: Unable to allocate lock$compresslevel must be between 1 and 9
                                                                • API String ID: 451674277-2500606449
                                                                • Opcode ID: 3dccc7cd2452e4a8ba701b6261aeff0617572921f18deb801f63fe5c7fd59db8
                                                                • Instruction ID: b7d9655c3df2dbcb61d302ded6c5a60d7c3edbf8a3734c19d13f2c9a886903c1
                                                                • Opcode Fuzzy Hash: 3dccc7cd2452e4a8ba701b6261aeff0617572921f18deb801f63fe5c7fd59db8
                                                                • Instruction Fuzzy Hash: F8213E32A0DE0389EB199B26D444278A3A4AF64F75F14C1B1C52D922B5DF3CE445C319
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocString$Bytes_Err_FromSizeThread_allocate_lock
                                                                • String ID: Unable to allocate lock
                                                                • API String ID: 553681934-3516605728
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                • String ID: Invalid filter specifier for delta filter$|OO&
                                                                • API String ID: 3027669873-2010576982
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                • API String ID: 3027669873-3728029529
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                • String ID: expected int, %s found
                                                                • API String ID: 3347179618-1178442907
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                • String ID: expected int, %s found
                                                                • API String ID: 3347179618-1178442907
                                                                APIs
                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE1333C8F1
                                                                  • Part of subcall function 00007FFE1333C8A0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FFE1333B152), ref: 00007FFE1333C8D6
                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE1333C91D
                                                                • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1333C937
                                                                Strings
                                                                • bzip2/libbzip2: internal error number %d. This is a bug in bzip2/libbzip2, %s. Please report it to: bzip2-devel@sourceware.org. If this happened when you were using some program which uses libbzip2 as a component, you should also report this bug to the auth, xrefs: 00007FFE1333C904
                                                                • *** A special note about internal error number 1007 *** Experience suggests that a common cause of i.e. 1007 is unreliable memory or other hardware. The 1007 assertion just happens to cross-check the results of huge numbers of memory reads/writes, and so ac, xrefs: 00007FFE1333C926
                                                                • 1.0.8, 13-Jul-2019, xrefs: 00007FFE1333C8F7
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func$__stdio_common_vfprintfexit
                                                                • String ID: bzip2/libbzip2: internal error number %d. This is a bug in bzip2/libbzip2, %s. Please report it to: bzip2-devel@sourceware.org. If this happened when you were using some program which uses libbzip2 as a component, you should also report this bug to the auth$*** A special note about internal error number 1007 *** Experience suggests that a common cause of i.e. 1007 is unreliable memory or other hardware. The 1007 assertion just happens to cross-check the results of huge numbers of memory reads/writes, and so ac$1.0.8, 13-Jul-2019
                                                                • API String ID: 77255540-989448446
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+$NameName::
                                                                • String ID:
                                                                • API String ID: 168861036-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocEval_Thread$Bytes_FromList_RestoreSaveSizeString
                                                                • String ID:
                                                                • API String ID: 722544280-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                • String ID:
                                                                • API String ID: 3741236498-0
                                                                APIs
                                                                • PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13310988
                                                                • PyUnicode_InternFromString.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13310999
                                                                • PyDict_SetItem.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE133109B4
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13315CBE
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FFE1331086D,?,?,?,00007FFE1331081A,?,?,?,?,?,00007FFE133107A5), ref: 00007FFE13315CD7
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocFromLong$Dict_InternItemLong_StringUnicode_Unsigned
                                                                • String ID:
                                                                • API String ID: 252187852-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                • String ID:
                                                                • API String ID: 863680558-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_LongThread$Err_ErrorLastLong_OccurredRestoreSaveclosesocket
                                                                • String ID:
                                                                • API String ID: 586723380-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2889003569-2084237596
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                • API String ID: 2943138195-757766384
                                                                • Opcode ID: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                                                • Instruction ID: 3b24928131af71a05f308fff43716c98538411ea1109be9ddfd6de6b50a9553d
                                                                • Opcode Fuzzy Hash: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                                                • Instruction Fuzzy Hash: 0A713772B0CE5288FB148F2A99500FC76A4BB05BA5F8465F7DA4D52AB9DF3CE160C304
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 2889003569-2084237596
                                                                • Opcode ID: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                • Instruction ID: 4130a6ff55cf03074c5af9e561c25df2f6344b5d67ce2f542439a4589731c3ba
                                                                • Opcode Fuzzy Hash: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                                                • Instruction Fuzzy Hash: 50617432A08FC581D7619B16E4403FAB7A0FB85BA5F4452A6EB9D03765DF7CE1A4CB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: FileHeader
                                                                • String ID: MOC$RCC$csm$csm
                                                                • API String ID: 104395404-1441736206
                                                                • Opcode ID: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                • Instruction ID: 303d154d326cc8939f0f7f8cd752f8dece136ec73d9267d54bd7a1b8e6771b1c
                                                                • Opcode Fuzzy Hash: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                                                • Instruction Fuzzy Hash: E6519132B0AA4286EAA09B3A91401BE76A0FF45F65F1460F3DE4D47765DF3CE4718782
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: combined CRCs: stored = 0x%08x, computed = 0x%08x$ {0x%08x, 0x%08x}
                                                                • API String ID: 0-2474432645
                                                                • Opcode ID: beca674fd8db362ae3c326a262006269a39a6cc495ac54829b8af714453b82f3
                                                                • Instruction ID: fd2f32864a7a4fbb25a344d41ea37e03c789ea95cd7087acff5caf0e31002769
                                                                • Opcode Fuzzy Hash: beca674fd8db362ae3c326a262006269a39a6cc495ac54829b8af714453b82f3
                                                                • Instruction Fuzzy Hash: CF418331E0DD428EEB648F369040278E290EB65F74F14D275D92E6B3E5DF3CA8818718
                                                                APIs
                                                                • PySequence_Size.PYTHON312(00000000,?,00000000,00007FFE13310A18), ref: 00007FFE13310A94
                                                                • PySequence_GetItem.PYTHON312(?,00000000,00007FFE13310A18), ref: 00007FFE13310AC7
                                                                  • Part of subcall function 00007FFE13310B5C: PyMapping_Check.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310B81
                                                                  • Part of subcall function 00007FFE13310B5C: PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310B9B
                                                                  • Part of subcall function 00007FFE13310B5C: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310BB0
                                                                  • Part of subcall function 00007FFE13310B5C: PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FFE13310AE3,?,00000000,00007FFE13310A18), ref: 00007FFE13310BC7
                                                                • PyErr_Format.PYTHON312(?,00000000,00007FFE13310A18), ref: 00007FFE13315D09
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                • String ID: Too many filters - liblzma supports a maximum of %d
                                                                • API String ID: 1062705235-2617632755
                                                                • Opcode ID: ccf5a64d07049f618c25ab74cbb4974c3106e7c7554985af56aab865a0a260af
                                                                • Instruction ID: 6260ca680aabfabc89097b8668c1f7380ba316829b3f4975c156cae17c313414
                                                                • Opcode Fuzzy Hash: ccf5a64d07049f618c25ab74cbb4974c3106e7c7554985af56aab865a0a260af
                                                                • Instruction Fuzzy Hash: 63318F21B08E02C9EA259F27A800139A650AB65FF8F184371DE3D277F6DE7CE0468308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$FormatOccurred
                                                                • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                • API String ID: 4038069558-4068623215
                                                                • Opcode ID: 42de15237a213d44223ebd833c4df5f098df34b0787ac9d39a2d3eb57667bed4
                                                                • Instruction ID: f28e73db6ca243e421454ce39aebb87fede9a6b4cda448153cb7753fd421adda
                                                                • Opcode Fuzzy Hash: 42de15237a213d44223ebd833c4df5f098df34b0787ac9d39a2d3eb57667bed4
                                                                • Instruction Fuzzy Hash: 8421A551B1CE46C9EA609B22E8403796360BFA9BB4F401271DA7E672F3DF6CE4458708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Arg_$KeywordsModuleModule_PositionalStateType_
                                                                • String ID: BZ2Decompressor
                                                                • API String ID: 2980520244-1337346095
                                                                • Opcode ID: f57c856a1eaa85dad08e037339d259dc31bffbd300076d52cdc827e69f7ac027
                                                                • Instruction ID: 72f79bc3be63cd1bd285b63444c597f4f6439e607c076924f46c6820679a88d6
                                                                • Opcode Fuzzy Hash: f57c856a1eaa85dad08e037339d259dc31bffbd300076d52cdc827e69f7ac027
                                                                • Instruction Fuzzy Hash: 91215E22A09E4288EA509B13D8001B9A7A0FB64FF5F48C4B2DE6D67374DF3CE485C704
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Capsule_DeallocPointer
                                                                • String ID: _socket.CAPI
                                                                • API String ID: 898671391-3774308389
                                                                • Opcode ID: 147324779042020adf52fa7f054c0f0e2125f6212a673ba3a80a163640bf1b1a
                                                                • Instruction ID: 4368175c6071018665ef95f85d43f710d1fe1b6bf1ee99e6e106355a922667da
                                                                • Opcode Fuzzy Hash: 147324779042020adf52fa7f054c0f0e2125f6212a673ba3a80a163640bf1b1a
                                                                • Instruction Fuzzy Hash: CA01DA36F49E42C5E6165F3AC85427833A5AB6AF35F5840F2CA5D819B2CF3DA5A1C310
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151941670.00007FFE1A4C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFE1A4C0000, based on PE: true
                                                                • Associated: 00000006.00000002.2151926520.00007FFE1A4C0000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151958048.00007FFE1A4C3000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151973270.00007FFE1A4C5000.00000004.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151987843.00007FFE1A4C6000.00000002.00000001.01000000.00000011.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4c0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Module_$FromInternObjectStateStringUnicode_
                                                                • String ID: close$error
                                                                • API String ID: 4029360594-371397155
                                                                • Opcode ID: 0a630f88c3fb29b6303c131d10015d5f25b4110c9ff69da5c0eced729275bb56
                                                                • Instruction ID: a3cf0f78a89f6d584ca29192d27178f01c37e0a6e0d404d0aa28f3dfb3b5c36b
                                                                • Opcode Fuzzy Hash: 0a630f88c3fb29b6303c131d10015d5f25b4110c9ff69da5c0eced729275bb56
                                                                • Instruction Fuzzy Hash: 33F01D21B09F4795EB008B6AF4440B9A360BF09FA4B8441B7D91D473B8DE2CE5698300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                • String ID: (is)$getaddrinfo failed
                                                                • API String ID: 3413694139-582941868
                                                                • Opcode ID: c34809af6fe48c3d98dc105baad316adadc833bdd741b3991c46394a393d3a53
                                                                • Instruction ID: e87ffa6162daa69c64bc67b8293de4492f9412fc82782d65a07e4822d51bd464
                                                                • Opcode Fuzzy Hash: c34809af6fe48c3d98dc105baad316adadc833bdd741b3991c46394a393d3a53
                                                                • Instruction Fuzzy Hash: EEF01935B05E4392EB05CB63F9541B523A1EF69F65F4844F2C95D86A75EE3CD4A4C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                • String ID: (is)$host not found
                                                                • API String ID: 3413694139-3306034047
                                                                • Opcode ID: e90ec528a1d937703f33ea49ca5fade7d46b30f37fbc55b9918f483f3cce63c4
                                                                • Instruction ID: 7d4e00c5e81103fad0a77ee37e0f3b54458948b87fa1f6e90a4a50bbe990d406
                                                                • Opcode Fuzzy Hash: e90ec528a1d937703f33ea49ca5fade7d46b30f37fbc55b9918f483f3cce63c4
                                                                • Instruction Fuzzy Hash: 7BF0FE35B09E4292EB158B63E8582B463A1EF68FA5F4444F2CA6D86A75DE3CD4A58300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::$Name::operator+
                                                                • String ID:
                                                                • API String ID: 826178784-0
                                                                • Opcode ID: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                                                • Instruction ID: fb470d5505ae2a55ee1f765c05356ea8e2827a17c9c68d4b1b464989831c4c5a
                                                                • Opcode Fuzzy Hash: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                                                • Instruction Fuzzy Hash: CB415822B18E5288EB10CB2AE9905FC37A4BB55FA1F9464F3DA4D537A5DF38E465C300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151941670.00007FFE1A4C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFE1A4C0000, based on PE: true
                                                                • Associated: 00000006.00000002.2151926520.00007FFE1A4C0000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151958048.00007FFE1A4C3000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151973270.00007FFE1A4C5000.00000004.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151987843.00007FFE1A4C6000.00000002.00000001.01000000.00000011.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4c0000_l4.jbxd
                                                                Similarity
                                                                • API ID: List_$DeallocItem
                                                                • String ID:
                                                                • API String ID: 1559017468-0
                                                                • Opcode ID: a3b86cd28f5a00db1039b6b37618db01fe58124a87f1d68f694451c2dc2a1ca4
                                                                • Instruction ID: 9400e0b9f90bcf7f757d6a2a49f691db257057826c4f059e80b623d315a01d4a
                                                                • Opcode Fuzzy Hash: a3b86cd28f5a00db1039b6b37618db01fe58124a87f1d68f694451c2dc2a1ca4
                                                                • Instruction Fuzzy Hash: 3B218C32B08B4296EB149F13A4442B9B3A0FB08FA4F8445B6CB4D43368DF7CE665C350
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151941670.00007FFE1A4C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFE1A4C0000, based on PE: true
                                                                • Associated: 00000006.00000002.2151926520.00007FFE1A4C0000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151958048.00007FFE1A4C3000.00000002.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151973270.00007FFE1A4C5000.00000004.00000001.01000000.00000011.sdmp
                                                                • Associated: 00000006.00000002.2151987843.00007FFE1A4C6000.00000002.00000001.01000000.00000011.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4c0000_l4.jbxd
                                                                Similarity
                                                                • API ID: DeallocModule_State
                                                                • String ID:
                                                                • API String ID: 1903735390-0
                                                                • Opcode ID: 2ce0c8c7188e7a3beb229335f2cd0a6251314470689c624f0e1d13b771884af1
                                                                • Instruction ID: 9b49c707ce68f4ccc81777b8ba1b420bf0f09cddce23eaaf0510a8778cb8a135
                                                                • Opcode Fuzzy Hash: 2ce0c8c7188e7a3beb229335f2cd0a6251314470689c624f0e1d13b771884af1
                                                                • Instruction Fuzzy Hash: 79212E31F4AF82D9FB554F7B881437832A4AB55F2AF9440F2C60E425A9CF7EA5648301
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Module_State
                                                                • String ID:
                                                                • API String ID: 3434497292-0
                                                                • Opcode ID: db67306de73857620c4aba995a460db50807d40a919903c7b44c58eb7544d94b
                                                                • Instruction ID: ca490cbfcf4ee5293de1d3575b0f00e1f0ec06c5e1d9ba4483ec425e78e2733c
                                                                • Opcode Fuzzy Hash: db67306de73857620c4aba995a460db50807d40a919903c7b44c58eb7544d94b
                                                                • Instruction Fuzzy Hash: FC21D036D1AD02CDFB9A6F77C85833832A0AF65B39F1844B0C92E655A6CF7DA4458318
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: Module_$FromModuleSpecTypeType_$State
                                                                • String ID:
                                                                • API String ID: 1138651315-0
                                                                • Opcode ID: 385c81540caf7594d2d79f420c7c64eb9f9f90bd2783a20cd1ed782b2f8c24c0
                                                                • Instruction ID: bea4a3690119810ce71da7b185bca59c2958f587881ae32e118ac1f70fe35a39
                                                                • Opcode Fuzzy Hash: 385c81540caf7594d2d79f420c7c64eb9f9f90bd2783a20cd1ed782b2f8c24c0
                                                                • Instruction Fuzzy Hash: ED015232B19F5285FB108B17E584639E394AF58FE0B449574EA6E66BB4DF3CE0448704
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_DuplicateParseRestoreSaveSizeSocketTuple_
                                                                • String ID:
                                                                • API String ID: 3898289384-0
                                                                • Opcode ID: c8e2bad8f66a6fb79bb8ed3b2e5e97b1d887adf2b3fc17a41d9c2dd7865fadd9
                                                                • Instruction ID: 97223a16dd31e26e1def5190d5e236b91de8d9440d4d12d7a839c162d8edc76d
                                                                • Opcode Fuzzy Hash: c8e2bad8f66a6fb79bb8ed3b2e5e97b1d887adf2b3fc17a41d9c2dd7865fadd9
                                                                • Instruction Fuzzy Hash: 40111665B1CFC182EA609B62E4483B96361FF68FA4F4001F7D95D47BA5DF3CD0658640
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_Long_OccurredRestoreSaveshutdown
                                                                • String ID:
                                                                • API String ID: 24305128-0
                                                                • Opcode ID: 6516a418a14a859acfa3d73bcf82298d2a1ff85a94d003fe5974aec2db2ce4ef
                                                                • Instruction ID: b7299085048d83ba38972df68ace24b210283bc5fbcbe998dce61254624d2524
                                                                • Opcode Fuzzy Hash: 6516a418a14a859acfa3d73bcf82298d2a1ff85a94d003fe5974aec2db2ce4ef
                                                                • Instruction Fuzzy Hash: D9013625F2CF4282EA505B73B5440796361AF68FB0B1449F6DA5EC3B75DF3CE4658210
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_$DecodeDefaultErrnoFromLongLong_OccurredUnicode_Unsignedif_indextoname
                                                                • String ID:
                                                                • API String ID: 2382930745-0
                                                                • Opcode ID: 3cc25d69238de96e231579351c1bec566e97787018e5fdd4677d39b8f471e047
                                                                • Instruction ID: 59bbe50753a121f1b2c8d43788dd1417fc56ca541f6aae9b269f5bc95c2d2e94
                                                                • Opcode Fuzzy Hash: 3cc25d69238de96e231579351c1bec566e97787018e5fdd4677d39b8f471e047
                                                                • Instruction Fuzzy Hash: BB01FF25B18E4181EA219B32E8943B92391AFACF75F4009F6C94EC67B1DF3CE5648600
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                • Associated: 00000006.00000002.2151831070.00007FFE13330000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151874793.00007FFE1333E000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151891417.00007FFE13342000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000006.00000002.2151905929.00007FFE13343000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func
                                                                • String ID: block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d$ final combined CRC = 0x%08x
                                                                • API String ID: 711238415-3357347091
                                                                • Opcode ID: bae728a6bf01b28945588ec33f57403ca6373a91784663bbbb4fd72b5314d822
                                                                • Instruction ID: 290325488ecaa76797ec3ad6931cb64e6a870fb6e517f556c8b71da44cbfeaa3
                                                                • Opcode Fuzzy Hash: bae728a6bf01b28945588ec33f57403ca6373a91784663bbbb4fd72b5314d822
                                                                • Instruction Fuzzy Hash: 08613636B59A168AE620EF1BE4002B9B350EB95FA4F54C075CE2E57366CF7DE402CB44
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4F6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4F29EE), ref: 00007FFE1A4F6E56
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A4F488B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort
                                                                • String ID: $csm$csm
                                                                • API String ID: 4206212132-1512788406
                                                                • Opcode ID: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                • Instruction ID: 44a5525744c80b5172d7caf067bfbb876628c2f409c6de67acdaee75ac11a819
                                                                • Opcode Fuzzy Hash: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                                                • Instruction Fuzzy Hash: 1771C832B08A8186D7618F2AD4407BD7B90FB45FAAF1491B6DA8D077AACF3CD561C740
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4F6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4F29EE), ref: 00007FFE1A4F6E56
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A4F45DB
                                                                • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE1A4F45EB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                • String ID: csm$csm
                                                                • API String ID: 4108983575-3733052814
                                                                • Opcode ID: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                • Instruction ID: 314cf33741e6f4aa7160f582d7cda0e80afcbec9e681453efb47c40312928ec8
                                                                • Opcode Fuzzy Hash: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                                                • Instruction Fuzzy Hash: D151B472B08A4186EB649B1A95402B876A0FB54FA6F1461F7DB4C47BA6CF3CE570CB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: NameName::
                                                                • String ID: %lf
                                                                • API String ID: 1333004437-2891890143
                                                                • Opcode ID: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                • Instruction ID: 72106c7f523f846f2463d873bd76f7d8014bd895190ab2ccba2bd894a9661ca9
                                                                • Opcode Fuzzy Hash: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                                                • Instruction Fuzzy Hash: 0931B021B0CF4689EA119B17A9500FE77A0BF56FA1B4491F3EA8E83771DE2CE5128300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152002914.00007FFE1A4D0000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152039306.00007FFE1A4D9000.00000002.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152056586.00007FFE1A4E1000.00000004.00000001.01000000.00000010.sdmp
                                                                • Associated: 00000006.00000002.2152071527.00007FFE1A4E3000.00000002.00000001.01000000.00000010.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatFromLongLong_RestoreSaveSignalsSys_connect
                                                                • String ID: connect_ex$socket.connect
                                                                • API String ID: 3879675179-935070752
                                                                • Opcode ID: 414937b2a6d92fbc3da88fc1208311d46d9418bcea39934cf64ea2bb9134626d
                                                                • Instruction ID: ba19899ddf11308ec15c3c332612a7abe9b5f2d1b3d03f37e09b85635407ba74
                                                                • Opcode Fuzzy Hash: 414937b2a6d92fbc3da88fc1208311d46d9418bcea39934cf64ea2bb9134626d
                                                                • Instruction Fuzzy Hash: 93115E21B48E8291EB208B62F4107FA7760FF68BE4F5001F3DA4D87A65EE2CE124C740
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4F6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4F29EE), ref: 00007FFE1A4F6E56
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A4F2A8E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                • Associated: 00000006.00000002.2152086161.00007FFE1A4F0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152127914.00007FFE1A503000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152144427.00007FFE1A508000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000006.00000002.2152160274.00007FFE1A509000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abortterminate
                                                                • String ID: MOC$RCC$csm
                                                                • API String ID: 661698970-2671469338
                                                                • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                • Instruction ID: 66f70d33db7c32e538173b8dfe4b5abe47ced20681d6c3e601c2b39b7834db2b
                                                                • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                                                • Instruction Fuzzy Hash: 02F03C37A18A46C5E7646B6AE1810BE7664EF4CF62F1960F3DB4806266CF7CD4A0CB01
                                                                APIs
                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,00000006,00007FFE13310CFC), ref: 00007FFE13311E89
                                                                • PyErr_Occurred.PYTHON312(?,?,00000006,00007FFE13310CFC), ref: 00007FFE13311E92
                                                                • PyErr_SetString.PYTHON312(?,?,00000006,00007FFE13310CFC), ref: 00007FFE1331607B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for uint32_t type
                                                                • API String ID: 944333170-1712686559
                                                                • Opcode ID: beb8bb3f21a158d48b7ae8f5362e1cc07ff4e792364f621d751ee79adeb98e45
                                                                • Instruction ID: fbb8cb595badaa2cc7c95a1adf9274d79953f272587b6f58649cad9efbc65e69
                                                                • Opcode Fuzzy Hash: beb8bb3f21a158d48b7ae8f5362e1cc07ff4e792364f621d751ee79adeb98e45
                                                                • Instruction Fuzzy Hash: 87F05E21F08E02C9EF105B67E4801786361AB68BA4F049070C92D5A372DE3CE485830C
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                • Associated: 00000006.00000002.2151730827.00007FFE13300000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE13318000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151769773.00007FFE1331C000.00000002.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151800672.00007FFE13324000.00000004.00000001.01000000.00000013.sdmp
                                                                • Associated: 00000006.00000002.2151816130.00007FFE13325000.00000002.00000001.01000000.00000013.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for lzma_match_finder type
                                                                • API String ID: 944333170-1161044407
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for lzma_mode type
                                                                • API String ID: 944333170-1290617251
                                                                APIs
                                                                Strings
                                                                • no printf formatter to display the socket descriptor in decimal, xrefs: 00007FFE1A4D67CB
                                                                • <socket object, fd=%ld, family=%d, type=%d, proto=%d>, xrefs: 00007FFE1A4D67A5
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_FormatFromStringUnicode_
                                                                • String ID: <socket object, fd=%ld, family=%d, type=%d, proto=%d>$no printf formatter to display the socket descriptor in decimal
                                                                • API String ID: 1884982852-285600062
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID:
                                                                • API String ID: 2943138195-0
                                                                APIs
                                                                • PyType_GetModuleState.PYTHON312(?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133083C1
                                                                  • Part of subcall function 00007FFE13312574: PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FFE133083DB,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133125AB
                                                                  • Part of subcall function 00007FFE13312574: PyList_New.PYTHON312(?,?,?,00007FFE133083DB,?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133125BE
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133083E8
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE13308401
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000000,?,?,?,00007FFE13308041), ref: 00007FFE133084C1
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                • String ID:
                                                                • API String ID: 2935988267-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Similarity
                                                                • API ID: Name::operator+$Replicator::operator[]
                                                                • String ID:
                                                                • API String ID: 3863519203-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveTime_Timeval_clampselect
                                                                • String ID:
                                                                • API String ID: 3905867726-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                                                • String ID:
                                                                • API String ID: 772546412-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                                                • String ID:
                                                                • API String ID: 1387529023-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                Similarity
                                                                • API ID: DeallocFreeMem_Thread_free_lock
                                                                • String ID:
                                                                • API String ID: 2783890233-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151941670.00007FFE1A4C1000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFE1A4C0000, based on PE: true
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2150862915.00007FFDFA6F1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFA6F0000, based on PE: true
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151850239.00007FFE13331000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13330000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2150419088.00007FF747071000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF747070000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ff747070000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                                                • String ID:
                                                                • API String ID: 1624953543-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind
                                                                • String ID: csm
                                                                • API String ID: 451473138-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abort$CreateFrameInfo
                                                                • String ID: csm
                                                                • API String ID: 2697087660-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Name::operator+
                                                                • String ID: void$void
                                                                • API String ID: 2943138195-3746155364
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4D8654: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE1A4D8698
                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE1A4D3FC0), ref: 00007FFE1A4D4C47
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152018428.00007FFE1A4D1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE1A4D0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4d0000_l4.jbxd
                                                                Similarity
                                                                • API ID: Err_String__stdio_common_vsscanf
                                                                • String ID: %X:%X:%X:%X:%X:%X%c$bad bluetooth address
                                                                • API String ID: 3283897942-3956635471
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: FileHeader$ExceptionRaise
                                                                • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                • API String ID: 3685223789-3176238549
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                APIs
                                                                  • Part of subcall function 00007FFE1A4F6E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A4F29EE), ref: 00007FFE1A4F6E56
                                                                • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A4FF45A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: abortterminate
                                                                • String ID: csm$f
                                                                • API String ID: 661698970-629598281
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2151746856.00007FFE13301000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE13300000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe13300000_l4.jbxd
                                                                Similarity
                                                                • API ID: memcpy$memmove
                                                                • String ID:
                                                                • API String ID: 1283327689-0
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00007FFE1A4F6CE9,?,?,?,?,00007FFE1A500582,?,?,?,?,?), ref: 00007FFE1A4F6E83
                                                                • SetLastError.KERNEL32(?,?,?,00007FFE1A4F6CE9,?,?,?,?,00007FFE1A500582,?,?,?,?,?), ref: 00007FFE1A4F6F0C
                                                                Memory Dump Source
                                                                • Source File: 00000006.00000002.2152103347.00007FFE1A4F1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_6_2_7ffe1a4f0000_l4.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast
                                                                • String ID:
                                                                • API String ID: 1452528299-0