Windows Analysis Report
VegaStealer_v2.exe

Overview

General Information

Sample name: VegaStealer_v2.exe
Analysis ID: 1581760
MD5: 9f4f298bcf1d208bd3ce3907cfb28480
SHA1: 05c1cfde951306f8c6e9d484d3d88698c4419c62
SHA256: bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc
Tags: exe, VegaStealer, user-aachum

Detection

Ades Stealer, BlackGuard, NitroStealer, VEGA Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Ades Stealer
Yara detected BlackGuard
Yara detected Nitro Stealer
Yara detected Telegram RAT
Yara detected Telegram Recon
Yara detected VEGA Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • VegaStealer_v2.exe (PID: 6268 cmdline: "C:\Users\user\Desktop\VegaStealer_v2.exe" MD5: 9F4F298BCF1D208BD3CE3907CFB28480)
    • v2.exe (PID: 3120 cmdline: "C:\Users\user\AppData\Local\Temp\v2.exe" MD5: 3F62213D184B639A0A62BCB1E65370A8)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\v2.exe | JoeSecurity_TelegramRecon | Yara detected Telegram Recon | Joe Security |
C:\Users\user\AppData\Local\Temp\v2.exe | JoeSecurity_NitroStealer | Yara detected Nitro Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\v2.exe | JoeSecurity_BlackGuard | Yara detected BlackGuard | Joe Security |
C:\Users\user\AppData\Local\Temp\v2.exe | JoeSecurity_VEGAStealer | Yara detected VEGA Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\v2.exe | JoeSecurity_AdesStealer | Yara detected Ades Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_VEGAStealer | Yara detected VEGA Stealer | Joe Security |
00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_NitroStealer | Yara detected Nitro Stealer | Joe Security |
00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_BlackGuard | Yara detected BlackGuard | Joe Security |
00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_VEGAStealer | Yara detected VEGA Stealer | Joe Security |
00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_AdesStealer | Yara detected Ades Stealer | Joe Security |

Source | Rule | Description | Author | Strings
1.0.v2.exe.820000.0.unpack | JoeSecurity_NitroStealer | Yara detected Nitro Stealer | Joe Security |
1.0.v2.exe.820000.0.unpack | JoeSecurity_BlackGuard | Yara detected BlackGuard | Joe Security |
1.0.v2.exe.820000.0.unpack | JoeSecurity_VEGAStealer | Yara detected VEGA Stealer | Joe Security |
1.0.v2.exe.820000.0.unpack | JoeSecurity_AdesStealer | Yara detected Ades Stealer | Joe Security |
1.0.v2.exe.820000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

System Summary

Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\VegaStealer_v2.exe, ProcessId: 6268, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
No Suricata rule has matched

AV Detection

Source: VegaStealer_v2.exe; Avira: detected
Source: C:\Users\user\AppData\Local\Temp\v2.exe; Avira: detection malicious, Label: HEUR/AGEN.1307418
Source: C:\Users\user\AppData\Local\Temp\v2.exe; ReversingLabs: Detection: 83%
Source: VegaStealer_v2.exe; Virustotal: Detection: 95%
Source: VegaStealer_v2.exe; ReversingLabs: Detection: 97%
Source: Yara match; File source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\v2.exe; Joe Sandbox ML: detected
Source: VegaStealer_v2.exe; Joe Sandbox ML: detected

Location Tracking

Source: unknown; DNS query: name: freegeoip.app
Source: C:\Users\user\AppData\Local\Temp\v2.exe; Code function: 1_2_6BFE69D0 SIffb8076c269e2a85,SI8b0d9e6837e61abc,SIffb8076c269e2a85,SI8b0d9e6837e61abc,CryptCreateHash,GetLastError,SIdb45e174afb28e2c,SI905dcc543d48caab,CryptHashData,GetLastError,SIdb45e174afb28e2c,SI905dcc543d48caab,CryptDeriveKey,GetLastError,SI9a326fe0ddbebf12,SI1bf8975e567ea97a,CryptEncrypt,GetLastError,CryptDecrypt,GetLastError,SIaa0f8e0c251cfd1d,SIaa0f8e0c251cfd1d,CryptDestroyKey,CryptDestroyHash,1_2_6BFE69D0
Source: C:\Users\user\AppData\Local\Temp\v2.exe; Code function: 1_2_6BF21A40 CryptReleaseContext,SIaa0f8e0c251cfd1d,1_2_6BF21A40
Source: C:\Users\user\AppData\Local\Temp\v2.exe; Code function: 1_2_6BFEF920 sqlite3_cryptoapi_init,CryptReleaseContext,SIaa0f8e0c251cfd1d,CryptAcquireContextW,GetLastError,SIdb45e174afb28e2c,1_2_6BFEF920
Source: VegaStealer_v2.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown; HTTPS traffic detected: 172.67.160.84:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 172.67.209.71:443 -> 192.168.2.4:49731 version: TLS 1.2
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: v2.exe, v2.exe, 00000001.00000002.1772302619.00000000066F2000.00000002.00000001.01000000.00000008.sdmp, System.Data.SQLite.dll.0.dr
                                Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/net40/EntityFramework.SqlServer.pdb source: VegaStealer_v2.exe, 00000000.00000003.1674907341.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.SqlServer.dll.0.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: v2.exe, v2.exe, 00000001.00000002.1771673921.0000000006012000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.0.dr
                                Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2010\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.dr
                                Source: Binary string: /_/artifacts/obj/EntityFramework/Release/net40/EntityFramework.pdb source: VegaStealer_v2.exe, 00000000.00000003.1674366236.0000000003421000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.dll.0.dr
                                Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/net40/EntityFramework.SqlServer.pdbSHA256$ source: VegaStealer_v2.exe, 00000000.00000003.1674907341.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.SqlServer.dll.0.dr
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.Linq.2010\Release\System.Data.SQLite.Linq.pdb source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr
                                Source: Binary string: BouncyCastle.Crypto.pdb source: v2.exe, v2.exe, 00000001.00000002.1773613664.00000000079C2000.00000002.00000001.01000000.0000000A.sdmp, BouncyCastle.Crypto.dll.0.dr
                                Source: Binary string: /_/artifacts/obj/EntityFramework/Release/net40/EntityFramework.pdbSHA256 source: VegaStealer_v2.exe, 00000000.00000003.1674366236.0000000003421000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.dll.0.dr
                                Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2010\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1773613664.00000000079C2000.00000002.00000001.01000000.0000000A.sdmp, BouncyCastle.Crypto.dll.0.dr
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.EF6.2010\Release\System.Data.SQLite.EF6.pdb source: VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.EF6.dll.0.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256 source: VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1771673921.0000000006012000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.0.dr
Source: global traffic; HTTP traffic detected: GET /xml/ HTTP/1.1 | Host: freegeoip.app | Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET /xml/ HTTP/1.1 | Host: ipbase.com | Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET /json/?fields=61439 HTTP/1.1 | Host: ip-api.com | Connection: Keep-Alive
Source: Joe Sandbox View; IP Address: 208.95.112.1
Source: Joe Sandbox View; IP Address: 172.67.209.71
Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown; DNS query: name: ip-api.com
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: freegeoip.app
Source: global traffic; DNS traffic detected: DNS query: ipbase.com
Source: global traffic; DNS traffic detected: DNS query: ip-api.com
Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 28 Dec 2024 21:31:08 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Age: 11734 | Cache-Control: public,max-age=0,must-revalidate | Cache-Status: "Netlify Edge"; hit | Vary: Accept-Encoding | X-Nf-Request-Id: 01JG7JW88GNP7H170AZY6ZR0JF | cf-cache-status: DYNAMIC | Server: cloudflare | CF-RAY: 8f94a7d48b3d727b-EWR | alt-svc: h3=":443"; ma=86400
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002F36000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, v2.exe.0.drString found in binary or memory: http://ip-api.com/json/?fields=61439
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002F36000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/?fields=61439d
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002F36000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.comd
                                Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://james.newtonking.com/projects/json
                                Source: v2.exe, 00000001.00000002.1773344472.00000000076A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.0/
                                Source: VegaStealer_v2.exe, 00000000.00000003.1675111189.0000000000DC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.c
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1669197730.000000000305E000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676045047.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676554027.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://ocsp.digicert.com0
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1669197730.000000000305E000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676099242.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676045047.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, Newtonsoft.Json.dll.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1669197730.000000000305E000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676045047.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, Newtonsoft.Json.dll.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.dr, BouncyCastle.Crypto.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, BouncyCastle.Crypto.dll.0.drString found in binary or memory: http://ocsp.digicert.com0H
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, BouncyCastle.Crypto.dll.0.drString found in binary or memory: http://ocsp.digicert.com0I
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.0.dr, BouncyCastle.Crypto.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1669197730.000000000305E000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676045047.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, Newtonsoft.Json.dll.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1669197730.000000000305E000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676045047.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.dr, Newtonsoft.Json.dll.0.dr, SQLite.Interop.dll.0.dr, System.Data.SQLite.dll.0.dr, BouncyCastle.Crypto.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, BouncyCastle.Crypto.dll.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002C8B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.vimeworld.ru/user/name/
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app/xml/
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, v2.exe.0.drString found in binary or memory: https://freegeoip.app/xml/9https://api.telegram.org/botGhttps://api.vimeworld.ru/user/name/1--------
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, BouncyCastle.Crypto.dll.0.drString found in binary or memory: https://github.com/novotnyllc/bc-csharp
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipbase.com
                                Source: v2.exe, 00000001.00000002.1766165520.0000000002C20000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipbase.com/xml/
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, v2.exe.0.drString found in binary or memory: https://steamcommunity.com/profiles/ASOFTWARE
                                Source: tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://support.mozilla.org
                                Source: tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                                Source: v2.exe, 00000001.00000002.1768833657.0000000003CAF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefo
                                Source: tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                                Source: v2.exe, 00000001.00000002.1768833657.0000000003C8F000.00000004.00000800.00020000.00000000.sdmp, tmp6115.tmp.dat.1.dr, tmp6135.tmp.dat.1.dr, History.txt.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                                Source: tmp6115.tmp.dat.1.dr, tmp6135.tmp.dat.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                                Source: v2.exe, 00000001.00000002.1768833657.0000000003C8F000.00000004.00000800.00020000.00000000.sdmp, tmp6115.tmp.dat.1.dr, tmp6135.tmp.dat.1.dr, History.txt.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                                Source: tmp6115.tmp.dat.1.dr, tmp6135.tmp.dat.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                                Source: System.Data.SQLite.dll.0.drString found in binary or memory: https://system.data.sqlite.org/
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676045047.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1772408987.0000000006754000.00000002.00000001.01000000.00000008.sdmp, System.Data.SQLite.dll.0.drString found in binary or memory: https://system.data.sqlite.org/X
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002E0C000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, v2.exe.0.dr, Information.txt.1.drString found in binary or memory: https://t.me/VegaStealer_bot
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, v2.exe.0.drString found in binary or memory: https://t.me/VegaStealer_bot-/sendDocument?chat_id=
                                Source: System.Data.SQLite.dll.0.drString found in binary or memory: https://urn.to/r/sds_see
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, BouncyCastle.Crypto.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://www.ecosia.org/newtab/
                                Source: v2.exe, 00000001.00000002.1768833657.00000000041C8000.00000004.00000800.00020000.00000000.sdmp, tmp6165.tmp.dat.1.dr, tmp60C4.tmp.dat.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                Source: tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://www.mozilla.org
                                Source: tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                                Source: tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                                Source: History.txt0.1.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/)
                                Source: v2.exe, 00000001.00000002.1768833657.0000000004244000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1768833657.0000000003CAF000.00000004.00000800.00020000.00000000.sdmp, tmp60D4.tmp.tmpdb.1.dr, tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                                Source: tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                                Source: v2.exe, 00000001.00000002.1768833657.0000000004244000.00000004.00000800.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1768833657.0000000003CAF000.00000004.00000800.00020000.00000000.sdmp, tmp60D4.tmp.tmpdb.1.dr, tmp6196.tmp.tmpdb.1.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                                Source: VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.newtonsoft.com/json
                                Source: Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
                                Source: v2.exe, v2.exe, 00000001.00000002.1771673921.0000000006012000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drString found in binary or memory: https://www.sqlite.org/copyright.html2
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676099242.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676554027.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sqlite.org/lang
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_aggfunc.html
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676099242.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676554027.0000000000DCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sqlite.org/lang_c
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr, System.Data.SQLite.EF6.dll.0.drString found in binary or memory: https://www.sqlite.org/lang_corefunc.html
                                Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49731
                                Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49730
                                Source: unknown; Network traffic detected: HTTP traffic on port 49731 -> 443
                                Source: unknown; Network traffic detected: HTTP traffic on port 49730 -> 443
                                Source: unknown; HTTPS traffic detected: 172.67.160.84:443 -> 192.168.2.4:49730 version: TLS 1.2
                                Source: unknown; HTTPS traffic detected: 172.67.209.71:443 -> 192.168.2.4:49731 version: TLS 1.2

                                E-Banking Fraud

                                Source: Yara match; File source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE
                                Source: Yara match; File source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara match; File source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED

                                System Summary

                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE; Matched rule: Detect the Lighting infostealer based on specific strings Author: Sekoia.io
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE; Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE; Matched rule: Detects A310Logger Author: ditekSHen
                                Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY; Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                                Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                                Source: 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                                Source: Process Memory Space: VegaStealer_v2.exe PID: 6268, type: MEMORYSTR; Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                                Source: Process Memory Space: v2.exe PID: 3120, type: MEMORYSTR; Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED; Matched rule: Detect the Lighting infostealer based on specific strings Author: Sekoia.io
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED; Matched rule: Finds StormKitty samples (or their variants) based on specific strings Author: Sekoia.io
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED; Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED; Matched rule: Detects executables referencing Discord tokens regular expressions Author: ditekSHen
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED; Matched rule: Detects executables referencing many VPN software clients. Observed in infosteslers Author: ditekSHen
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED; Matched rule: Detects A310Logger Author: ditekSHen
                                Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dll E51721DC0647F4838B1ABC592BD95FD8CB924716E8A64F83D4B947821FA1FA42
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe; Code function: String function: 6BF49320 appears 141 times
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe; Code function: String function: 6BF6FC90 appears 225 times
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.Linq.dllH vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBouncyCastle.Crypto.dll\ vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.EF6.dllH vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676045047.00000000031C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSystem.Data.SQLite.dllH vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNatasha.exe. vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSQLite.Interop.dllF vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNewtonsoft.Json.dll2 vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSQLite.Interop.dllF vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1674366236.0000000003421000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEntityFramework.dllV vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exe, 00000000.00000003.1674907341.00000000031CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEntityFramework.SqlServer.dllV vs VegaStealer_v2.exe
                                Source: VegaStealer_v2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_lighting author = Sekoia.io, description = Detect the Lighting infostealer based on specific strings, creation_date = 2022-04-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/04/05/inside-lightning-stealer/, id = 3c160c16-f417-4fa2-aa44-fb7b981fb2b3
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                                Source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207
                                Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                Source: 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                Source: Process Memory Space: VegaStealer_v2.exe PID: 6268, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                Source: Process Memory Space: v2.exe PID: 3120, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPEDMatched rule: infostealer_win_lighting author = Sekoia.io, description = Detect the Lighting infostealer based on specific strings, creation_date = 2022-04-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/04/05/inside-lightning-stealer/, id = 3c160c16-f417-4fa2-aa44-fb7b981fb2b3
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPEDMatched rule: infostealer_win_stormkitty author = Sekoia.io, description = Finds StormKitty samples (or their variants) based on specific strings, creation_date = 2023-03-29, classification = TLP:CLEAR, version = 1.0, id = 5014d2e5-af5c-4800-ab1e-b57de37a2450
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex author = ditekSHen, description = Detects executables referencing Discord tokens regular expressions
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_References_VPN author = ditekSHen, description = Detects executables referencing many VPN software clients. Observed in infosteslers
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPEDMatched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207
                                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/49@3/3
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeFile created: C:\Users\user\AppData\Roaming\TVBPuwPTRLJVLHPLVyZ528110.userJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeMutant created: NULL
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\SQLite.Interop.dllJump to behavior
                                Source: VegaStealer_v2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                                Source: v2.exe, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                                Source: v2.exeBinary or memory string: CREATE TABLE {0}(x);
                                Source: tmp60E5.tmp.dat.1.dr, b9e4174c-82c2-4759-99c0-e47dbf6f7a67.1.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                Source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp, VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                                Source: VegaStealer_v2.exeVirustotal: Detection: 95%
                                Source: VegaStealer_v2.exeReversingLabs: Detection: 97%
                                Source: v2.exeString found in binary or memory: /configuration/appSettings/add[@key='{0}']
                                Source: unknownProcess created: C:\Users\user\Desktop\VegaStealer_v2.exe "C:\Users\user\Desktop\VegaStealer_v2.exe"
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeProcess created: C:\Users\user\AppData\Local\Temp\v2.exe "C:\Users\user\AppData\Local\Temp\v2.exe"
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: version.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: rasapi32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: rasman.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: rtutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: dpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: rasadhlp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: schannel.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: mskeyprotect.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: ncryptsslp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: windowscodecs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: wbemcomn.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: VegaStealer_v2.exeStatic file information: File size 8068096 > 1048576
                                Source: VegaStealer_v2.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x7afe00
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.2010\Release\System.Data.SQLite.pdb source: v2.exe, v2.exe, 00000001.00000002.1772302619.00000000066F2000.00000002.00000001.01000000.00000008.sdmp, System.Data.SQLite.dll.0.dr
                                Source: Binary string: rop.pdb source: VegaStealer_v2.exe, 00000000.00000003.1670423287.00000000031CB000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/net40/EntityFramework.SqlServer.pdb source: VegaStealer_v2.exe, 00000000.00000003.1674907341.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.SqlServer.dll.0.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: v2.exe, v2.exe, 00000001.00000002.1771673921.0000000006012000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.0.dr
                                Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2010\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: VegaStealer_v2.exe, 00000000.00000003.1670843784.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp, SQLite.Interop.dll.0.dr
                                Source: Binary string: :.pdbSH source: VegaStealer_v2.exe, 00000000.00000003.1673193963.00000000031C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: /_/artifacts/obj/EntityFramework/Release/net40/EntityFramework.pdb source: VegaStealer_v2.exe, 00000000.00000003.1674366236.0000000003421000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.dll.0.dr
                                Source: Binary string: /_/artifacts/obj/EntityFramework.SqlServer/Release/net40/EntityFramework.SqlServer.pdbSHA256$ source: VegaStealer_v2.exe, 00000000.00000003.1674907341.00000000031CC000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.SqlServer.dll.0.dr
                                Source: Binary string: pto.pdb source: VegaStealer_v2.exe, 00000000.00000003.1671335080.00000000031C8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: .pdbSHA256 source: VegaStealer_v2.exe, 00000000.00000003.1675111189.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.Linq.2010\Release\System.Data.SQLite.Linq.pdb source: VegaStealer_v2.exe, 00000000.00000003.1676526433.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.Linq.dll.0.dr
                                Source: Binary string: BouncyCastle.Crypto.pdb source: v2.exe, v2.exe, 00000001.00000002.1773613664.00000000079C2000.00000002.00000001.01000000.0000000A.sdmp, BouncyCastle.Crypto.dll.0.dr
                                Source: Binary string: /_/artifacts/obj/EntityFramework/Release/net40/EntityFramework.pdbSHA256 source: VegaStealer_v2.exe, 00000000.00000003.1674366236.0000000003421000.00000004.00000020.00020000.00000000.sdmp, EntityFramework.dll.0.dr
                                Source: Binary string: .pdbSHA2562$ source: VegaStealer_v2.exe, 00000000.00000003.1675035082.0000000000DCA000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2010\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: VegaStealer_v2.exe, 00000000.00000003.1669197730.0000000002EAC000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: .pdb` source: VegaStealer_v2.exe, 00000000.00000003.1668465146.0000000002D59000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1773613664.00000000079C2000.00000002.00000001.01000000.0000000A.sdmp, BouncyCastle.Crypto.dll.0.dr
                                Source: Binary string: :.pdb source: VegaStealer_v2.exe, 00000000.00000003.1673193963.00000000031C7000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: Crypto.pdb source: VegaStealer_v2.exe, 00000000.00000003.1671335080.00000000031C8000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2010\System.Data.SQLite.EF6.2010\Release\System.Data.SQLite.EF6.pdb source: VegaStealer_v2.exe, 00000000.00000003.1676354121.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, System.Data.SQLite.EF6.dll.0.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256 source: VegaStealer_v2.exe, 00000000.00000003.1675591692.00000000031C8000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000002.1771673921.0000000006012000.00000002.00000001.01000000.00000007.sdmp, Newtonsoft.Json.dll.0.dr
                                Source: BouncyCastle.Crypto.dll.0.drStatic PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeCode function: 1_2_6BEF7B85 push ecx; ret 1_2_6BEF7B98
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\EntityFramework.SqlServer.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\SQLite.Interop.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\EntityFramework.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dllJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeFile created: C:\Users\user\AppData\Local\Temp\v2.exeJump to dropped file
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                                Malware Analysis System Evasion

                                Source: C:\Users\user\AppData\Local\Temp\v2.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, v2.exe, 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, v2.exe.0.dr Binary or memory string: SBIEDLL.DLL
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Memory allocated: 11B0000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Memory allocated: 2BC0000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Memory allocated: 2AE0000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 600000
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 599860
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 599735
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 599610
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 599485
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 599315
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 599188
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 599063
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598914
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598813
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598704
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598579
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598454
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598329
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598204
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 598079
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597954
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597829
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597704
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597579
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597454
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597329
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597204
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 597079
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596954
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596829
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596704
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596579
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596454
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596329
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596204
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 596079
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595907
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595782
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595657
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595532
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595407
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595282
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595157
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 595048
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 594923
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 594798
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 594673
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 594548
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Window / User API: threadDelayed 7102
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Window / User API: threadDelayed 1507
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\EntityFramework.SqlServer.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\SQLite.Interop.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\EntityFramework.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe API coverage: 2.8 %
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -30437127721620741s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -600000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -599860s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -599735s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -599610s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -599485s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -599315s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -599188s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -599063s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598914s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598813s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598704s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598579s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598454s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598329s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598204s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -598079s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597954s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597829s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597704s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597579s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597454s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597329s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597204s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -597079s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596954s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596829s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596704s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596579s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596454s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596329s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596204s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -596079s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595907s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595782s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595657s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595532s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595407s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595282s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595157s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -595048s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -594923s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -594798s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -594673s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3844 Thread sleep time: -594548s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 3616 Thread sleep time: -30000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe TID: 2260 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT ProcessorId FROM Win32_Processor
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Code function: 1_2_6BF8F1A0 GetSystemInfo,1_2_6BF8F1A0
                                Source: v2.exe.0.dr Binary or memory string: vmware, inc.
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676125545.0000000000D9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: }\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: v2.exe.0.dr Binary or memory string: vmware7,1
                                Source: v2.exe.0.dr Binary or memory string: vmware
                                Source: v2.exe, 00000001.00000002.1765524976.0000000000F18000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe API call chain: ExitProcess graph end node graph_0-13
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Process information queried: ProcessInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Code function: 1_2_6BEF43E3 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6BEF43E3
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeCode function: 1_2_6BF18910 _memset,OutputDebugStringA,GetProcessHeap,OutputDebugStringA,GetLastError,lstrlenW,HeapAlloc,OutputDebugStringA,_memset,GetEnvironmentVariableW,OutputDebugStringA,GetLastError,OutputDebugStringA,_memset,GetModuleFileNameW,lstrlenW,OutputDebugStringA,lstrcatW,lstrcatW,lstrcatW,lstrcatW,GetFileAttributesW,OutputDebugStringA,OutputDebugStringA,GetLastError,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,WinVerifyTrust,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_memset,GetEnvironmentVariableW,OutputDebugStringA,_memset,GetCurrentThreadId,GetCurrentProcessId,wsprintfW,_memset,GetEnvironmentVariableW,SetEnvironmentVariableW,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,HeapFree,_memset,OutputDebugStringA,1_2_6BF18910
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exeCode function: 0_2_00401AE1 GetCommandLineA,GetModuleHandleA,GetProcessHeap,ExitProcess,PathFindFileNameA,0_2_00401AE1
                                Source: C:\Users\user\AppData\Local\Temp\v2.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Memory allocated: page read and write | page guard
                                Source: C:\Users\user\Desktop\VegaStealer_v2.exe Process created: C:\Users\user\AppData\Local\Temp\v2.exe "C:\Users\user\AppData\Local\Temp\v2.exe"

                                Language, Device and Operating System Detection

                                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Users\user\AppData\Local\Temp\v2.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Code function: 1_2_6BEFA8D4 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,1_2_6BEFA8D4
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                Stealing of Sensitive Information

                                Source: Yara match File source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: VegaStealer_v2.exe PID: 6268, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: v2.exe PID: 3120, type: MEMORYSTR
                                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED
                                Source: Yara match File source: 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000002.1766165520.0000000002E0C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Electrum
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676810492.0000000000DCC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx_V
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %\Wallets\DashCore\)\DashCore\wallet.dat#\Electrum\wallets%\Wallets\Electrum\%\Ethereum\keystore%\Wallets\Ethereum\-\Exodus\exodus.wallet\!\Wallets\Exodus\m\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusDir
                                Source: VegaStealer_v2.exe, 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum
                                Source: VegaStealer_v2.exe, 00000000.00000003.1672426233.00000000033D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: [Org.BouncyCastle.Pkcs12.IgnoreUselessPasswordtrueqpassword supplied for keystore that does not require one
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\

                                Remote Access Functionality

                                Source: Yara match File source: 1.0.v2.exe.820000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                                Source: Yara match File source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: Process Memory Space: VegaStealer_v2.exe PID: 6268, type: MEMORYSTR
                                Source: Yara match File source: Process Memory Space: v2.exe PID: 3120, type: MEMORYSTR
                                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\v2.exe, type: DROPPED
                                Source: Yara match File source: 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara match File source: 00000001.00000002.1766165520.0000000002E0C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: C:\Users\user\AppData\Local\Temp\v2.exe Code function: 1_2_6BF19200 GetModuleHandleW,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,CorBindToRuntimeEx,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_memset,OutputDebugStringA,1_2_6BF19200
                                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                                Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 351 Security Software Discovery | Remote Desktop Protocol | 3 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 151 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 151 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 25 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                                [Behavior graph: ID 1581760; Sample: VegaStealer_v2.exe; Startdate: 28/12/2024; Architecture: WINDOWS; Score: 100]

                                Source | Detection | Scanner | Label
                                VegaStealer_v2.exe | 96% | Virustotal |
                                VegaStealer_v2.exe | 97% | ReversingLabs | Win32.Hacktool.Vbinder
                                VegaStealer_v2.exe | 100% | Avira | HEUR/AGEN.1339346
                                VegaStealer_v2.exe | 100% | Joe Sandbox ML |

                                Source | Detection | Scanner | Label
                                C:\Users\user\AppData\Local\Temp\v2.exe | 100% | Avira | HEUR/AGEN.1307418
                                C:\Users\user\AppData\Local\Temp\v2.exe | 100% | Joe Sandbox ML |
                                C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\EntityFramework.SqlServer.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\EntityFramework.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\Newtonsoft.Json.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\SQLite.Interop.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\System.Data.SQLite.EF6.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\System.Data.SQLite.Linq.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\System.Data.SQLite.dll | 0% | ReversingLabs |
                                C:\Users\user\AppData\Local\Temp\v2.exe | 83% | ReversingLabs | ByteCode-MSIL.Infostealer.Stealgen
                                No Antivirus matches
                                No Antivirus matches
                                Source | Detection | Scanner | Label
                                http://ocsp.digicert.c | 0% | Avira URL Cloud | safe
                                http://ns.adobe.0/ | 0% | Avira URL Cloud | safe
                                http://go.microsoft | 0% | Avira URL Cloud | safe
                                http://go.microsof | 0% | Avira URL Cloud | safe
                                https://api.vimeworld.ru/user/name/ | 0% | Avira URL Cloud | safe
                                https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125 | 0% | Avira URL Cloud | safe
                                http://crl3.digicert.cPom/D | 0% | Avira URL Cloud | safe
                                http://cacerts.di | 0% | Avira URL Cloud | safe
                                http://go.micr | 0% | Avira URL Cloud | safe
                                http://go.microso | 0% | Avira URL Cloud | safe
                                http://ip-api.comd | 0% | Avira URL Cloud | safe
                                http://crPl3.d | 0% | Avira URL Cloud | safe
                                http://crl3.digicert | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipbase.com | 172.67.209.71 | true | false | | high
ip-api.com | 208.95.112.1 | true | false | | high
freegeoip.app | 172.67.160.84 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://ip-api.com/json/?fields=61439 | false | | high
https://freegeoip.app/xml/ | false | | high
https://ipbase.com/xml/ | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | false
172.67.209.71 | ipbase.com | United States | | 13335 | CLOUDFLARENETUS | false
172.67.160.84 | freegeoip.app | United States | | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581760
Start date and time: 2024-12-28 22:30:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 3
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: VegaStealer_v2.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/49@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 72%
• Number of executed functions: 40
• Number of non-executed functions: 213
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): SIHClient.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time      Type             Description
16:31:06  API Interceptor  45x Sleep call for process: v2.exe modified
                                                                                                                                                        • 172.67.160.84
                                                                                                                                                        Titan.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.209.71
                                                                                                                                                        • 172.67.160.84
                                                                                                                                                        Titan.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 172.67.209.71
                                                                                                                                                        • 172.67.160.84
                                                                                                                                                        SharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA StealerBrowse
                                                                                                                                                        • 172.67.209.71
                                                                                                                                                        • 172.67.160.84
                                                                                                                                                        iviewers.dllGet hashmaliciousLummaCBrowse
                                                                                                                                                        • 172.67.209.71
                                                                                                                                                        • 172.67.160.84
                                                                                                                                                        Flasher.exeGet hashmaliciousLuca Stealer, Rusty StealerBrowse
                                                                                                                                                        • 172.67.209.71
                                                                                                                                                        • 172.67.160.84
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        C:\Users\user\AppData\Local\Temp\BouncyCastle.Crypto.dllSharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA Stealer, XmrigBrowse
                                                                                                                                                          SharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA StealerBrowse
                                                                                                                                                            psol.txt.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                              evhopi.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                                                PixpFUv4G7.exeGet hashmaliciousQuasar, XWormBrowse
                                                                                                                                                                  PVUfopbGfc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                    OqAVRCkQ3T.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                      PVUfopbGfc.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        OqAVRCkQ3T.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                          mapMd1URzq.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2589
                                                                                                                                                                            Entropy (8bit):5.347411404509576
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:MxHKXAHKze41qHiYHKh3oPtHo6+JHOHKU57UxHKMR0mHKtXoCayH5H/HKMHsLHmY:iqQqzfwCYqh3oPtI6IuqU57UxqMRnqNq
                                                                                                                                                                            MD5:696C6189688136406D72A0798AF5224F
                                                                                                                                                                            SHA1:6826DD4A2B09E5782E8A6B5AF6BEADF218CA616E
                                                                                                                                                                            SHA-256:484E1D3A551A6570FB7861010591CB48E36F1F81625879622AA8E12BAC367639
                                                                                                                                                                            SHA-512:17FE4A4C421A997265541E05E77FF4D7F5BFE6007D41A2293B3C62A0079CEDD0BCB346EDC6038A41F43DFE4D86493CE52EFBA34F92CF173D422809A9948BD746
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyT
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                            Entropy (8bit):2.5793180405395284
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                            MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                            SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                            SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                            SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):98304
                                                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3316968
                                                                                                                                                                            Entropy (8bit):6.532906510598102
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:JIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9Y:6BbBWIgWljGxRB/LLY
                                                                                                                                                                            MD5:0CF454B6ED4D9E46BC40306421E4B800
                                                                                                                                                                            SHA1:9611AA929D35CBD86B87E40B628F60D5177D2411
                                                                                                                                                                            SHA-256:E51721DC0647F4838B1ABC592BD95FD8CB924716E8A64F83D4B947821FA1FA42
                                                                                                                                                                            SHA-512:85262F1BC67A89911640F59A759B476B30CA644BD1A1D9CD3213CC8AAE16D7CC6EA689815F19B146DB1D26F7A75772CEB48E71E27940E3686A83EB2CF7E46048
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: SharcHack.exe, Detection: malicious
• Filename: SharcHack.exe, Detection: malicious
• Filename: psol.txt.ps1, Detection: malicious
• Filename: evhopi.ps1, Detection: malicious
• Filename: PixpFUv4G7.exe, Detection: malicious
• Filename: PVUfopbGfc.exe, Detection: malicious
• Filename: OqAVRCkQ3T.exe, Detection: malicious
• Filename: PVUfopbGfc.exe, Detection: malicious
• Filename: OqAVRCkQ3T.exe, Detection: malicious
• Filename: mapMd1URzq.exe, Detection: malicious
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):586632
                                                                                                                                                                            Entropy (8bit):6.059056255747647
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:Pbfapjp4pWVWvFdpxhGOdBB6OHK1ivk4PQG2puGeqVmjaVmnS4bfu65B:P7usAOvphbu65
                                                                                                                                                                            MD5:F32CE9A5A866313D1A3391AA42153F4A
                                                                                                                                                                            SHA1:7404383A681A2EC1C5BF24152FA298E934F53783
                                                                                                                                                                            SHA-256:4583F9D1E62C90E3BC41D9FEACCA8152E3BB067B767E806872772EA9A55803E9
                                                                                                                                                                            SHA-512:A276ED47E0687699E844DFB8215B4EF922EB6B853D7CA4BBF707B4439C26F8AFC6886F00AF0B3BA76E2DD322A0870594D81BCDC2095656A2E5B78568DC5F3F51
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4773480
                                                                                                                                                                            Entropy (8bit):6.084582408535823
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:49152:Ifl9Yy1hblT0KVDuv06QBhBiMyHBzwFRdH:IkutRVDuv06QbBisF
                                                                                                                                                                            MD5:00D48A062EF3DFFBA05159D019CF427D
                                                                                                                                                                            SHA1:4BA6DB0470C776423D73438894207B1D6F1E7B5D
                                                                                                                                                                            SHA-256:7E60999A5741B9B041D3A8D9BAD1C952E4CCE8216142327AB413B1DDCA70A4C5
                                                                                                                                                                            SHA-512:14B4F20F87B72C8BB0F129FDFA1B865DBC63E49B6FF763D29516AD7B235288FB959BD35609BAA3FD80E07BE4FBEB120EAAE475B7628A85D6CBC0110A442D39CE
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):584976
                                                                                                                                                                            Entropy (8bit):5.91011541005501
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:1cHfLcN/a4L/uhxq9UVFYHjL3VMsWn1s6QjRhF9gauyBuntfV+jPuxJk:1cTcVa4Lwxqc4jL3VKQjRhFjBDjPuxJk
                                                                                                                                                                            MD5:169B6D383B7C650AB3AE2129397A6CF3
                                                                                                                                                                            SHA1:FCAEF7DEFB04301FD55FB1421BB15EF96D7040D6
                                                                                                                                                                            SHA-256:B896083FEB2BDEDC1568B62805DBD354C55E57F2D2469A52AEC6C98F4EC2DEDF
                                                                                                                                                                            SHA-512:7A7A7BDB508B8BF177249251C83B65A2EF4A5D8B29397CAB130CB8444B23888678673A9A2E4B1C74CC095B358F923B9E7E5A91BFA8C240412D95765851F1DD87
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1402032
                                                                                                                                                                            Entropy (8bit):6.88401160982436
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24576:dMDaUv84L2G9qOzAMmMt9MXakDg+XoP2STgVUrrKfw/Rhngqno:dfW9GMvMX9onGAXno
                                                                                                                                                                            MD5:0A1E95B0B1535203A1B8479DFF2C03FF
                                                                                                                                                                            SHA1:20C4B4406E8A3B1B35CA739ED59AA07BA867043D
                                                                                                                                                                            SHA-256:788D748B4D35DFD091626529457D91E9EBC8225746211086B14FB4A25785A51E
                                                                                                                                                                            SHA-512:854ABCCA8D807A98A9AD0CA5D2E55716C3CE26FAE7EE4642796BAF415C3CFAD522B658963EAFE504ECAED6C2ECDCDF332C9B01E43DFA342FCC5CA0FBEDFE600E
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):208560
                                                                                                                                                                            Entropy (8bit):6.124592164027391
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3072:wP46KP8cdA0TEocO+zaZ9W3+wLLexyLKHxLj:k46KP8c+0Qs
                                                                                                                                                                            MD5:162E50541954D792420156956B09D410
                                                                                                                                                                            SHA1:F10943992EAD2DD222DF7CCFC76D74D495EF086D
                                                                                                                                                                            SHA-256:20D7E37FEDCE140669E2A2D89F4E7A67405134CA1876A55F9CF9AB0EAE8F206E
                                                                                                                                                                            SHA-512:A86167344C9645387B6B0C95AB19F2ADFEE5573AB2C6068E38E3DE0B94990379A948F0E10214B6F7DCF1F5E3159032217113267B8A7B4365F19BA970A8A51BF9
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):208568
                                                                                                                                                                            Entropy (8bit):6.1218954888666905
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:1536:7yuS8cGzz6KP8cp1x+PAaDOEzxOkqabge94h0Ero7v6PxlcU7vtPCjRTZPxB:7PX6KP8cp1kYcOnnaZ9W3roLGxPL2Xx
                                                                                                                                                                            MD5:355BBEA5EE15D806E0D6BD6DBD25F494
                                                                                                                                                                            SHA1:B41EBF0FF5C4EFFA1FD123845EFE03764E91341E
                                                                                                                                                                            SHA-256:8E2AE9D4A03E95C714D7835310795B7E0434B8AA3448E6A5B106AD9DBBA0158F
                                                                                                                                                                            SHA-512:AD453A26A22EFB522126208A1E7EBEE6EC429FDE52F4A3D30212EF9F58E39714FD7F42D05031BF31992199AEA573F9F1887DC83ED30093527D3E8B33476A4387
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):420528
                                                                                                                                                                            Entropy (8bit):6.162571798892841
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:OPaYZ6henFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbc1v:g6hetBJm333M8EGAB
                                                                                                                                                                            MD5:056D3FCAF3B1D32FF25F513621E2A372
                                                                                                                                                                            SHA1:851740BCA46BAB71D0B1D47E47F3EB8358CBEE03
                                                                                                                                                                            SHA-256:66B64362664030BFF1596CDA2EC5BD5DF48CC7C8313C32F771DB4AA30A3F86F9
                                                                                                                                                                            SHA-512:CE47C581538F48A46D70279A62C702195BEACBFAFB48A5A862B3922625FE56F6887D1679C6D9366F946D3D2124CB31C2A3EACBBD14D601EA56E66575CDF46180
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):40960
                                                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):106496
                                                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5242880
                                                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):40960
                                                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):159744
                                                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):159744
                                                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):106496
                                                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):98304
                                                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):5242880
                                                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):114688
                                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):114688
                                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                            Entropy (8bit):0.8180424350137764
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):126976
                                                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):278016
                                                                                                                                                                            Entropy (8bit):5.887323139606271
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:qmYKJMVRp9hnmy0UYU9B93YUnLbB62X3Rb36h3YQ:ZJ0Rp9hzL82ghIQ
                                                                                                                                                                            MD5:3F62213D184B639A0A62BCB1E65370A8
                                                                                                                                                                            SHA1:BBF50B3C683550684CDB345D348E98FBE2FCAFE0
                                                                                                                                                                            SHA-256:C692DFC29E70A17CABC19561E8E2662E1FE32FDBA998A09FE1A8DC2B7E045B34
                                                                                                                                                                            SHA-512:0CD40D714E6A6EBD60CC0C8B0E339905A5F1198A474A531B1794FB562F27053F118718CC68B9652FEF3411906F9D8AD22D0253AF256FA1922133E9907298E803
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Yara Hits:
                                                                                                                                                                            • Rule: JoeSecurity_TelegramRecon, Description: Yara detected Telegram Recon, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_NitroStealer, Description: Yara detected Nitro Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_BlackGuard, Description: Yara detected BlackGuard, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_VEGAStealer, Description: Yara detected VEGA Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_AdesStealer, Description: Yara detected Ades Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: infostealer_win_lighting, Description: Detect the Lighting infostealer based on specific strings, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Sekoia.io
                                                                                                                                                                            • Rule: infostealer_win_stormkitty, Description: Finds StormKitty samples (or their variants) based on specific strings, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Sekoia.io
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_References_VPN, Description: Detects executables referencing many VPN software clients. Observed in infosteslers, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            • Rule: MALWARE_Win_A310Logger, Description: Detects A310Logger, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):105
                                                                                                                                                                            Entropy (8bit):3.8863455911790052
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:RGtjybXLGSWK+ZjMGvRS3ZMz9GSOLj2SjyRE2qJ:hvWF7Ipg9OL2RE2m
                                                                                                                                                                            MD5:2E9D094DDA5CDC3CE6519F75943A4FF4
                                                                                                                                                                            SHA1:5D989B4AC8B699781681FE75ED9EF98191A5096C
                                                                                                                                                                            SHA-256:C84C98BBF5E0EF9C8D0708B5D60C5BB656B7D6BE5135D7F7A8D25557E08CF142
                                                                                                                                                                            SHA-512:D1F7EED00959E902BDB2125B91721460D3FF99F3BDFC1F2A343D4F58E8D4E5E5A06C0C6CDC0379211C94510F7C00D7A8B34FA7D0CA0C3D54CBBE878F1E9812B7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:### Get Help ###.### Customize Firefox ###.### Get Involved ###.### About Us ###.### Getting Started ###.
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):94
                                                                                                                                                                            Entropy (8bit):4.886397362842801
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:RGEnGPHA9lfMJJEFAN2DSLvIJiMhKVX3L2WdXuvn:DG/CF0EFAN2OLciA8d+v
                                                                                                                                                                            MD5:61CDD7492189720D58F6C5C975D6DFBD
                                                                                                                                                                            SHA1:6966AFE0DEC5B0ABD90291FA12C0F6B7EF73ED43
                                                                                                                                                                            SHA-256:2F345865397FF1952921DB0588A6B589BAF30E67A90E11F7064E515AC162E862
                                                                                                                                                                            SHA-512:20D5A1C9809DF4F5B9C789042E5B88928A5246F9EB44F9D265CA3AA6FC9544A582B758ECAF6BBB0E9CEE149BD0AAC5E6C63D954541D1B23A7FC11894121CC0AE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:### Firefox Privacy Notice . Mozilla ### (https://www.mozilla.org/en-US/privacy/firefox/) 1.
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (522), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):3355
                                                                                                                                                                            Entropy (8bit):5.859711514959835
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:jJMsoO2gicRq6Zi2L+ySstv3pP+YRBynqsCHw4R2cksQ:NiCRtpKQdA
                                                                                                                                                                            MD5:E7FE9C45ABECAFAD2E0254DC692B506D
                                                                                                                                                                            SHA1:74028143ACD8925C5A5702C457018B99FBBCC939
                                                                                                                                                                            SHA-256:015E4099C0D99A9AC9A9FBF362D26D4F049BA5EAA24D19EFA48E674DD28DD658
                                                                                                                                                                            SHA-512:B8875F3039E84088C1A758D75DF84862A3EF08462D044EB752E72F25AF109E1074292183449C3024B58E2745F61BC3138CBEBFB33984DD7164916F2577A7A826
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:.google.com.TRUE./.FALSE.13356618603686193.NID.511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk..support.microsoft.com.TRUE./.FALSE.13340887435186329..AspNetCore.AuthProvider.True..support.microsoft.com.TRUE./signin-oidc.FALSE.13340887735359381..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.N..support.microsoft.com.TRUE./signin-oidc.FALSE.13340887735359334..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkHB6alahUr8qJ7G_3AejtooymTWCzyO89hshJeX8Gh78kohbIw0IQY4v6LZriT4P2fGeBSMjrvqODB4H_bs2nbfsSfL7aN-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP1uXNT7Y1VSMOfm-L0RnS8.N..support.office.com.TRUE./.FALSE.13372509232238068.EXPID.8e067c40-5461-4aef-885f-2c92ce6a5474...microsoft.com.TRUE./.FALSE.13372422837017624.MC1.GUID=749eee6039c5489b9db3000c7
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1393
                                                                                                                                                                            Entropy (8bit):5.241470443395582
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:PTIOm5oh9wxOm5pjRmZDKJfOm5pjRSpDKJfOmcTdmcOWz5oPpMcOWz5pjRVpbccU:PbmAwgm/VcDKJmm/VuDKJmmcBYpB/VVe
                                                                                                                                                                            MD5:7F24357FFA354F2471DED45552B897D7
                                                                                                                                                                            SHA1:1DC89FD89BA23EA0186D0D8559B27CF647ECF4DC
                                                                                                                                                                            SHA-256:573E409CB5579533BC387F3943FFFACAF7694269A38B4B56987E8A8B83CF3AD1
                                                                                                                                                                            SHA-512:202F2FC022B7C484E0EDCA890300C471CA3097217A20BF0DDC4E1DC277D411CA3742608302DDB2A0F4E6EAA662D1B741AC2F6A4566C3133A151D0EF83EEDB6A3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:### https://go.microsoft.com/fwlink/?linkid=851546 ### (Examples of Office product keys - Microsoft Support) 3.### https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 ### (Examples of Office product keys - Microsoft Support) 3.### https://support.microsoft.com/en-us/office/7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us ### (Examples of Office product keys - Microsoft Support) 3.### https://support.microsoft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us ### (Examples of Office product keys - Microsoft Support) 1.### https://go.microsoft.com/fwlink/?LinkId=2106243 ### (Install the English Language Pack for 32-bit Office - Microsoft Support) 3.### https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 ### (Install the English Language Pack for 32-bit Office - Microsoft Support) 3.### https://support.microsoft.com/
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.690394987545919
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:x8Xtqp+Wamt5Tlx/0lL5fswH7s9cBus1XuWzv:+tNsfMswbVb+WD
                                                                                                                                                                            MD5:CA901F8E74EB7955CF06A00BD424C0C2
                                                                                                                                                                            SHA1:0876F92A018E8AB57F666FBB048B1CD028607A38
                                                                                                                                                                            SHA-256:6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
                                                                                                                                                                            SHA-512:7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.696250160603532
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                                                                                                                                                            MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                                                                                                                                                            SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                                                                                                                                                            SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                                                                                                                                                            SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.697336881644685
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:DVE9Jf1tiezZxapTBz4fmlhQHdwc6WS/ZCGxruwyJM:Deu8xafWWKHj6Zx
                                                                                                                                                                            MD5:08AF516B9E451DB9845289801A21F1BC
                                                                                                                                                                            SHA1:D43E58D334ACFAE831AD929003D89DC6D3B499F9
                                                                                                                                                                            SHA-256:C459EA8FCABD26C75606F78F91AA8446698D90422EE4869ABE4ABCCB50B45379
                                                                                                                                                                            SHA-512:C8C2BB634740DBDDC5928E5FD3960011BB86842B72673FDCE2D65C86AE6D5945F0C88E81AE96DEA711CC654FAC8B4EC809DF18F57BFB4129503DE37E426CF055
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.690394987545919
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:x8Xtqp+Wamt5Tlx/0lL5fswH7s9cBus1XuWzv:+tNsfMswbVb+WD
                                                                                                                                                                            MD5:CA901F8E74EB7955CF06A00BD424C0C2
                                                                                                                                                                            SHA1:0876F92A018E8AB57F666FBB048B1CD028607A38
                                                                                                                                                                            SHA-256:6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
                                                                                                                                                                            SHA-512:7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.696250160603532
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                                                                                                                                                            MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                                                                                                                                                            SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                                                                                                                                                            SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                                                                                                                                                            SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.697336881644685
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:DVE9Jf1tiezZxapTBz4fmlhQHdwc6WS/ZCGxruwyJM:Deu8xafWWKHj6Zx
                                                                                                                                                                            MD5:08AF516B9E451DB9845289801A21F1BC
                                                                                                                                                                            SHA1:D43E58D334ACFAE831AD929003D89DC6D3B499F9
                                                                                                                                                                            SHA-256:C459EA8FCABD26C75606F78F91AA8446698D90422EE4869ABE4ABCCB50B45379
                                                                                                                                                                            SHA-512:C8C2BB634740DBDDC5928E5FD3960011BB86842B72673FDCE2D65C86AE6D5945F0C88E81AE96DEA711CC654FAC8B4EC809DF18F57BFB4129503DE37E426CF055
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):1524
                                                                                                                                                                            Entropy (8bit):4.494142060438395
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:gMMNoEMshMp11IATMphEQQ6pgzayohCowpwl0/NdZfvPVfN7V57NSa4:gMMOEMshMp11IATMphEQlpkayohCo6Ju
                                                                                                                                                                            MD5:F863799F27F2F8FA5B84CE9CD0C9CBAE
                                                                                                                                                                            SHA1:A9260C25261BB4CD36C0E28348C84775AE0D857B
                                                                                                                                                                            SHA-256:17E7B01B498AA1D044E63323939C9C3DE0E5640C271F5E727A24414FD6D19114
                                                                                                                                                                            SHA-512:CCA06B0BDCCBE90004F093218BB9E6AE4A9882F3D28C9903475D6462ECD2EE51642CC0020EE8BE7422B8ED98293F88FE6BE0FD979D0258561954D75C77E0A9A8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:. ********************************************. * .................................. *. * .................................. *. * .................................. *. * .................................. *. * .................................. *. * .................................. *. * https://t.me/VegaStealer_bot *. * *. * ******************************************* ==================================================. Operating system: Windows 10 Pro (64 Bit). PC user: 528110/user. Cl
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4029
                                                                                                                                                                            Entropy (8bit):4.874468819263238
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:5mllNYhuZllhmTillllSlR5lYlKlURmzllYlYXE5VCYlt4kllJlv5llllmlTwEJ3:tuwrwlHDFNIt9pF
                                                                                                                                                                            MD5:2AA854C8B6CA0113C2747A1B347C49EC
                                                                                                                                                                            SHA1:31940C755F9AF1C5B08B6A01E4D1824DA8C8C39A
                                                                                                                                                                            SHA-256:1371976130F5D2A06D62FB4F8B0F4F8BF755CB5C7E9BCA6E2240B30D7A311949
                                                                                                                                                                            SHA-512:2C0EB92158C493E04FF9FD6DA190B76AD10E63E173C8E5F01CF1367E67B5AF2EA4E4928B6A7989F1087A503FEF0946767ABB7D5FDC4A09EB26FB3F3F479DE213
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview:NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: svchost..NAME: explorer..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: fontdrvhost..NAME: smartscreen..NAME: svchost..NAME: csrss..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: svchost..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: sihost..NAME: dllhost..NAME: OfficeClickToRun..NAME: svchost..NAME: svchost..NAME: dasHost..NAME: svchost..NAME: ctfmon..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: WmiPrvSE..NAME: svchost..NAME: WinStore.App..NAME: svchost..NAME: svchost..NAME: svchost..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: svchost..NAME: svchost..NAME: svchost..NAME: svchost..NAME: RuntimeBroker..NAME: StartMenuExperienceHost..NAME: fontdrvhost..NAME: TextInputHost..NAME: svchost..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME: smss..NAME: KcqhpONYfoQEEmXlHVRbZY..NAME:
                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):707327
                                                                                                                                                                            Entropy (8bit):7.927996433929904
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12288:NCJt7Gi9YHYWTnROPopFVOo0SrQLWuViUSHGvkBpMCIsVrCRKO4x4Zx:NCT9qTnU6FtrQLWtS6rCRKO4xOx
                                                                                                                                                                            MD5:B73D8174CEA08A902DAF77D2C6A9EFAE
                                                                                                                                                                            SHA1:7CFD7E765F0417EAF25F142F0656AFB406D7AA68
                                                                                                                                                                            SHA-256:92659175900BD5ED4A275046593D191C75645E1DFB70959E58ABC1E5D333F47C
                                                                                                                                                                            SHA-512:5B33F029F40554449F2739645EAA035A110E54CC4713435E16B8EA58BA966DB9BB1EFCEBF0CFFA1DC5D3D47BB764F166E6F062082CCEDBA3B4777AD65954BCAE
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Entropy (8bit):7.905088140781816
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                            • VXD Driver (31/22) 0.00%
                                                                                                                                                                            File name:VegaStealer_v2.exe
                                                                                                                                                                            File size:8'068'096 bytes
                                                                                                                                                                            MD5:9f4f298bcf1d208bd3ce3907cfb28480
                                                                                                                                                                            SHA1:05c1cfde951306f8c6e9d484d3d88698c4419c62
                                                                                                                                                                            SHA256:bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc
                                                                                                                                                                            SHA512:4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806
                                                                                                                                                                            SSDEEP:98304:Rgl47z3Aldea5a/OhtJeq+4NK+dG7M0mWZsE6+YhU+dbkh4yiMP0Q:H/wld79ht+j1M0mWZsE6+YASy10Q
                                                                                                                                                                            TLSH:F486333FC6E7CF60CC4015FBDCDA9A76048766CADFD28A49656B02C21A53B1FCB1A614
                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Q......................{.............. ....@...........................|............................................
                                                                                                                                                                            Icon Hash:90cececece8e8eb0
                                                                                                                                                                            Entrypoint:0x401ae1
                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                            DLL Characteristics:
                                                                                                                                                                            Time Stamp:0x51BC99EC [Sat Jun 15 16:44:28 2013 UTC]
                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                            File Version Major:4
                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                            Import Hash:d5d9d937853db8b666bd4b525813d7bd
                                                                                                                                                                            Instruction
                                                                                                                                                                            call 00007FCF3CB03391h
                                                                                                                                                                            mov dword ptr [0040300Bh], eax
                                                                                                                                                                            push 00000000h
                                                                                                                                                                            call 00007FCF3CB0339Dh
                                                                                                                                                                            mov dword ptr [00403013h], eax
                                                                                                                                                                            call 00007FCF3CB0339Fh
                                                                                                                                                                            mov dword ptr [00403C70h], eax
                                                                                                                                                                            push 0000000Ah
                                                                                                                                                                            push dword ptr [0040300Bh]
                                                                                                                                                                            push 00000000h
                                                                                                                                                                            push dword ptr [00403013h]
                                                                                                                                                                            call 00007FCF3CB0281Fh
                                                                                                                                                                            push 00000000h
                                                                                                                                                                            call 00007FCF3CB03348h
                                                                                                                                                                            int3
                                                                                                                                                                            jmp dword ptr [0040207Ch]
                                                                                                                                                                            jmp dword ptr [00402008h]
                                                                                                                                                                            jmp dword ptr [0040200Ch]
                                                                                                                                                                            jmp dword ptr [00402010h]
                                                                                                                                                                            jmp dword ptr [00402014h]
                                                                                                                                                                            jmp dword ptr [00402018h]
                                                                                                                                                                            jmp dword ptr [0040201Ch]
                                                                                                                                                                            jmp dword ptr [00402020h]
                                                                                                                                                                            jmp dword ptr [00402024h]
                                                                                                                                                                            jmp dword ptr [00402028h]
                                                                                                                                                                            jmp dword ptr [0040202Ch]
                                                                                                                                                                            jmp dword ptr [00402030h]
                                                                                                                                                                            jmp dword ptr [00402034h]
                                                                                                                                                                            jmp dword ptr [00402038h]
                                                                                                                                                                            jmp dword ptr [0040203Ch]
                                                                                                                                                                            jmp dword ptr [00402040h]
                                                                                                                                                                            jmp dword ptr [00402044h]
                                                                                                                                                                            jmp dword ptr [00402048h]
                                                                                                                                                                            jmp dword ptr [0040204Ch]
                                                                                                                                                                            jmp dword ptr [00402050h]
                                                                                                                                                                            jmp dword ptr [00402054h]
                                                                                                                                                                            jmp dword ptr [00402058h]
                                                                                                                                                                            jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20bc | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x7afd64 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0xbc | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xc26 | 0xe00 | a941ede160cf12509be8dd37ae2b6a57 | False | 0.47935267857142855 | data | 5.1463325678068115 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2000 | 0x4c0 | 0x600 | 930587e8eece4537e4be6a4476dc03fa | False | 0.4055989583333333 | data | 4.212357479426224 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3000 | 0xd6f0 | 0x600 | 7f95694b637a8e9d84e496462c4af938 | False | 0.16927083333333334 | data | 1.7255508052001818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x11000 | 0x7afd64 | 0x7afe00 | b219466a36ef6d9e124a5ad06bb1229d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
IMAGE | 0x1128c | 0x42 | PC bitmap, Windows 3.x format, 1 x 1 x 1, image size 4, cbSize 66, bits offset 62 | English | United States | 0.5151515151515151
RT_RCDATA | 0x112d0 | 0x142f2b | data | | | 0.9882440567016602
RT_RCDATA | 0x1541fc | 0x10b848 | data | | | 0.9898815155029297
RT_RCDATA | 0x25fa44 | 0x1f82b0 | data | | | 0.9830493927001953
RT_RCDATA | 0x457cf4 | 0x24eb98 | data | | | 0.984318733215332
RT_RCDATA | 0x6a688c | 0x3a617 | data | | | 0.9820304691649208
RT_RCDATA | 0x6e0ea4 | 0x51392 | data | | | 0.9797889927560192
RT_RCDATA | 0x732238 | 0x38f61 | data | | | 0.9860745007779249
RT_RCDATA | 0x76b19c | 0x16ffe | data | | | 0.9823153514638133
RT_RCDATA | 0x78219c | 0x16f8b | data | | | 0.9885961462839167
RT_RCDATA | 0x799128 | 0x27969 | data | | | 0.9835649047504518
RT_RCDATA | 0x7c0a94 | 0x2cf | data | | | 0.5910987482614742
DLL | Import
shlwapi.dll | PathFindFileNameA
kernel32.dll | LockResource, lstrlenA, CloseHandle, CreateFileA, ExitProcess, FindResourceA, FreeResource, GetCommandLineA, GetEnvironmentVariableA, GetFileSize, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetProcessHeap, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, HeapAlloc, HeapFree, LoadLibraryA, LoadResource, lstrcpynA, RtlMoveMemory, SetFileAttributesA, SizeofResource, WriteFile, lstrcatA, lstrcpyA
user32.dll | CreateWindowExA, DefWindowProcA, DispatchMessageA, GetMessageA, LoadCursorA, LoadIconA, MessageBoxA, PostQuitMessage, RegisterClassExA, SendMessageA, ShowWindow, TranslateMessage, UpdateWindow
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                            Dec 28, 2024 22:31:08.671370029 CET44349731172.67.209.71192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.127469063 CET44349731172.67.209.71192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.127614975 CET44349731172.67.209.71192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.127675056 CET49731443192.168.2.4172.67.209.71
                                                                                                                                                                            Dec 28, 2024 22:31:09.127703905 CET44349731172.67.209.71192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.127886057 CET44349731172.67.209.71192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.127929926 CET49731443192.168.2.4172.67.209.71
                                                                                                                                                                            Dec 28, 2024 22:31:09.127940893 CET44349731172.67.209.71192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.128170967 CET44349731172.67.209.71192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.128235102 CET49731443192.168.2.4172.67.209.71
                                                                                                                                                                            Dec 28, 2024 22:31:09.135205984 CET49731443192.168.2.4172.67.209.71
                                                                                                                                                                            Dec 28, 2024 22:31:09.816291094 CET4973280192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:09.935930967 CET8049732208.95.112.1192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:09.941097975 CET4973280192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:09.941303968 CET4973280192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:10.061168909 CET8049732208.95.112.1192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:11.037902117 CET8049732208.95.112.1192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:11.082274914 CET4973280192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:11.400108099 CET4973280192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:11.403276920 CET4973380192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:11.519973993 CET8049732208.95.112.1192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:11.520035028 CET4973280192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:11.522772074 CET8049733208.95.112.1192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:11.522841930 CET4973380192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:11.522963047 CET4973380192.168.2.4208.95.112.1
                                                                                                                                                                            Dec 28, 2024 22:31:11.643224001 CET8049733208.95.112.1192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:12.712474108 CET8049733208.95.112.1192.168.2.4
                                                                                                                                                                            Dec 28, 2024 22:31:12.745942116 CET4973380192.168.2.4208.95.112.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 28, 2024 22:31:04.637578964 CET | 59345 | 53 | 192.168.2.4 | 1.1.1.1
Dec 28, 2024 22:31:04.778678894 CET | 53 | 59345 | 1.1.1.1 | 192.168.2.4
Dec 28, 2024 22:31:07.250134945 CET | 50298 | 53 | 192.168.2.4 | 1.1.1.1
Dec 28, 2024 22:31:07.395459890 CET | 53 | 50298 | 1.1.1.1 | 192.168.2.4
Dec 28, 2024 22:31:09.678498983 CET | 63439 | 53 | 192.168.2.4 | 1.1.1.1
Dec 28, 2024 22:31:09.815681934 CET | 53 | 63439 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 22:31:04.637578964 CET | 192.168.2.4 | 1.1.1.1 | 0x8a0f | Standard query (0) | freegeoip.app | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:31:07.250134945 CET | 192.168.2.4 | 1.1.1.1 | 0xee8d | Standard query (0) | ipbase.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:31:09.678498983 CET | 192.168.2.4 | 1.1.1.1 | 0x142d | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 22:31:04.778678894 CET | 1.1.1.1 | 192.168.2.4 | 0x8a0f | No error (0) | freegeoip.app | | 172.67.160.84 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:31:04.778678894 CET | 1.1.1.1 | 192.168.2.4 | 0x8a0f | No error (0) | freegeoip.app | | 104.21.73.97 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:31:07.395459890 CET | 1.1.1.1 | 192.168.2.4 | 0xee8d | No error (0) | ipbase.com | | 172.67.209.71 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:31:07.395459890 CET | 1.1.1.1 | 192.168.2.4 | 0xee8d | No error (0) | ipbase.com | | 104.21.85.189 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 22:31:09.815681934 CET | 1.1.1.1 | 192.168.2.4 | 0x142d | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                            • freegeoip.app
                                                                                                                                                                            • ipbase.com
                                                                                                                                                                            • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 208.95.112.1 | 80 | 3120 | C:\Users\user\AppData\Local\Temp\v2.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 22:31:09.941303968 CET | 78 | OUT | GET /json/?fields=61439 HTTP/1.1
                                                                                                                                                                            Host: ip-api.com
                                                                                                                                                                            Connection: Keep-Alive
Dec 28, 2024 22:31:11.037902117 CET | 483 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Sat, 28 Dec 2024 21:31:10 GMT
                                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                                            Content-Length: 306
                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                            X-Ttl: 60
                                                                                                                                                                            X-Rl: 44
                                                                                                                                                                            Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 208.95.112.1 | 80 | 3120 | C:\Users\user\AppData\Local\Temp\v2.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 22:31:11.522963047 CET | 78 | OUT | GET /json/?fields=61439 HTTP/1.1
                                                                                                                                                                            Host: ip-api.com
                                                                                                                                                                            Connection: Keep-Alive
Dec 28, 2024 22:31:12.712474108 CET | 483 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Date: Sat, 28 Dec 2024 21:31:12 GMT
                                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                                            Content-Length: 306
                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                            X-Ttl: 58
                                                                                                                                                                            X-Rl: 43
                                                                                                                                                                            Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.160.84 | 443 | 3120 | C:\Users\user\AppData\Local\Temp\v2.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 21:31:06 UTC | 67 | OUT | GET /xml/ HTTP/1.1
                                                                                                                                                                            Host: freegeoip.app
                                                                                                                                                                            Connection: Keep-Alive
2024-12-28 21:31:07 UTC | 850 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                            Date: Sat, 28 Dec 2024 21:31:07 GMT
                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                            Content-Length: 167
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Cache-Control: max-age=3600
                                                                                                                                                                            Expires: Sat, 28 Dec 2024 22:31:07 GMT
                                                                                                                                                                            Location: https://ipbase.com/xml/
                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2FFuJ0FqFoM1qLwG2ftD40xpg5x42P362wVgwl28yz3i3zo69N4bkkRt6zEO2UWr9AjCMgDI97Ce5WpAYPd3ibbYTvXPSWJAFLJ7ic4CYMQojifQh%2FyyZvV1dVK8FRe3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            CF-RAY: 8f94a7c939924263-EWR
                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1684&rtt_var=657&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=681&delivery_rate=1632196&cwnd=247&unsent_bytes=0&cid=6d6b043836a539c9&ts=457&x=0"
2024-12-28 21:31:07 UTC | 167 | IN
                                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 172.67.209.71 | 443 | 3120 | C:\Users\user\AppData\Local\Temp\v2.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 21:31:08 UTC | 64 | OUT | GET /xml/ HTTP/1.1
                                                                                                                                                                            Host: ipbase.com
                                                                                                                                                                            Connection: Keep-Alive
2024-12-28 21:31:09 UTC | 956 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            Date: Sat, 28 Dec 2024 21:31:08 GMT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: close
                                                                                                                                                                            Age: 11734
                                                                                                                                                                            Cache-Control: public,max-age=0,must-revalidate
                                                                                                                                                                            Cache-Status: "Netlify Edge"; hit
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            X-Nf-Request-Id: 01JG7JW88GNP7H170AZY6ZR0JF
                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YMsdpy52Ljn034NqniOCtz3kb7%2BPM3Re%2FnMqwAdR6m%2FGK11489eYINNJFA9upXbkTT98LUSpYtQfL2q1HHoFRMx2tT7%2BR%2FN7Om2x%2B7WGIowT0%2B4hKhJcpULC7qf7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                            CF-RAY: 8f94a7d48b3d727b-EWR
                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2031&min_rtt=2012&rtt_var=792&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=678&delivery_rate=1349353&cwnd=232&unsent_bytes=0&cid=1702e8071a78c8ec&ts=523&x=0"



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:16:31:02
                                                                                                                                                                            Start date:28/12/2024
                                                                                                                                                                            Path:C:\Users\user\Desktop\VegaStealer_v2.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\VegaStealer_v2.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:8'068'096 bytes
                                                                                                                                                                            MD5 hash:9F4F298BCF1D208BD3CE3907CFB28480
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_NitroStealer, Description: Yara detected Nitro Stealer, Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_BlackGuard, Description: Yara detected BlackGuard, Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_VEGAStealer, Description: Yara detected VEGA Stealer, Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_AdesStealer, Description: Yara detected Ades Stealer, Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000000.00000003.1676781668.00000000031C1000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:1
                                                                                                                                                                            Start time:16:31:03
                                                                                                                                                                            Start date:28/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\v2.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\v2.exe"
                                                                                                                                                                            Imagebase:0x820000
                                                                                                                                                                            File size:278'016 bytes
                                                                                                                                                                            MD5 hash:3F62213D184B639A0A62BCB1E65370A8
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_VEGAStealer, Description: Yara detected VEGA Stealer, Source: 00000001.00000002.1766165520.0000000002DFA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_NitroStealer, Description: Yara detected Nitro Stealer, Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_BlackGuard, Description: Yara detected BlackGuard, Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_VEGAStealer, Description: Yara detected VEGA Stealer, Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_AdesStealer, Description: Yara detected Ades Stealer, Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000001.00000000.1677351963.0000000000822000.00000002.00000001.01000000.00000005.sdmp, Author: ditekSHen
                                                                                                                                                                            • Rule: JoeSecurity_VEGAStealer, Description: Yara detected VEGA Stealer, Source: 00000001.00000002.1766165520.0000000002E0C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: 00000001.00000002.1766165520.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                            • Rule: JoeSecurity_TelegramRecon, Description: Yara detected Telegram Recon, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_NitroStealer, Description: Yara detected Nitro Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_BlackGuard, Description: Yara detected BlackGuard, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_VEGAStealer, Description: Yara detected VEGA Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_AdesStealer, Description: Yara detected Ades Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Joe Security
                                                                                                                                                                            • Rule: infostealer_win_lighting, Description: Detect the Lighting infostealer based on specific strings, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Sekoia.io
                                                                                                                                                                            • Rule: infostealer_win_stormkitty, Description: Finds StormKitty samples (or their variants) based on specific strings, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: Sekoia.io
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_Discord_Regex, Description: Detects executables referencing Discord tokens regular expressions, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            • Rule: INDICATOR_SUSPICIOUS_EXE_References_VPN, Description: Detects executables referencing many VPN software clients. Observed in infosteslers, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            • Rule: MALWARE_Win_A310Logger, Description: Detects A310Logger, Source: C:\Users\user\AppData\Local\Temp\v2.exe, Author: ditekSHen
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                            • Detection: 83%, ReversingLabs
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true


                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:83.7%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:40%
                                                                                                                                                                              Total number of Nodes:5
                                                                                                                                                                              Total number of Limit Nodes:1

                                                                                                                                                                              Callgraph

                                                                                                                                                                              callgraph 0 Function_00401000 1 Function_00401AE1 1->0

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCommandLineA.KERNEL32 ref: 00401AE1
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 00401AED
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000), ref: 00401AF7
                                                                                                                                                                                • Part of subcall function 00401000: LoadIconA.USER32(00403000,000001F4), ref: 0040104C
                                                                                                                                                                                • Part of subcall function 00401000: LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
                                                                                                                                                                                • Part of subcall function 00401000: RegisterClassExA.USER32(00000030), ref: 0040106E
                                                                                                                                                                                • Part of subcall function 00401000: CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
                                                                                                                                                                                • Part of subcall function 00401000: ShowWindow.USER32(00000001,?), ref: 004010BC
                                                                                                                                                                                • Part of subcall function 00401000: UpdateWindow.USER32(00000001), ref: 004010C7
                                                                                                                                                                                • Part of subcall function 00401000: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
                                                                                                                                                                                • Part of subcall function 00401000: TranslateMessage.USER32(?), ref: 004010E4
                                                                                                                                                                                • Part of subcall function 00401000: DispatchMessageA.USER32(?), ref: 004010ED
                                                                                                                                                                              • ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B18
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1677536102.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1677523985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677547236.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677559679.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677559679.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677585253.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677918358.0000000000BC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_VegaStealer_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageWindow$LoadProcess$ClassCommandCreateCursorDispatchExitHandleHeapIconLineModuleRegisterShowTranslateUpdate
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 673778540-0
                                                                                                                                                                              • Opcode ID: bf6d8b6f60bdcb853f7381a7d85681237ca7f04d2f73d170e19a7b203482a8eb
                                                                                                                                                                              • Instruction ID: 8601b60a343ef63eca695c0712cadf30932154ab05066af7af19716e0146d46f
                                                                                                                                                                              • Opcode Fuzzy Hash: bf6d8b6f60bdcb853f7381a7d85681237ca7f04d2f73d170e19a7b203482a8eb
                                                                                                                                                                              • Instruction Fuzzy Hash: 72E06774959300AAE7217F71AE06B143E74E70474BF10407BF6157A1F6EB786A10AB1D

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadIconA.USER32(00403000,000001F4), ref: 0040104C
                                                                                                                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
                                                                                                                                                                              • RegisterClassExA.USER32(00000030), ref: 0040106E
                                                                                                                                                                              • CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
                                                                                                                                                                              • ShowWindow.USER32(00000001,?), ref: 004010BC
                                                                                                                                                                              • UpdateWindow.USER32(00000001), ref: 004010C7
                                                                                                                                                                              • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 004010E4
                                                                                                                                                                              • DispatchMessageA.USER32(?), ref: 004010ED
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000000.00000002.1677536102.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                              • Associated: 00000000.00000002.1677523985.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677547236.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677559679.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677559679.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677585253.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                              • Associated: 00000000.00000002.1677918358.0000000000BC0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_VegaStealer_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageWindow$Load$ClassCreateCursorDispatchIconRegisterShowTranslateUpdate
                                                                                                                                                                              • String ID: 0$WinClass32
                                                                                                                                                                              • API String ID: 282685165-2329282442
                                                                                                                                                                              • Opcode ID: 286dd39defc53bc53642eb2300d05e627e30782ba9ed8b70d4df91332c1cf868
                                                                                                                                                                              • Instruction ID: db64ee9f6a3c3da8bd2a7b60d0102d68ead382408d30bf1f106ff4c9428f50ce
                                                                                                                                                                              • Opcode Fuzzy Hash: 286dd39defc53bc53642eb2300d05e627e30782ba9ed8b70d4df91332c1cf868
                                                                                                                                                                              • Instruction Fuzzy Hash: F7213C70D44248AAEF11DFD0CD46BDDBFB8AB04708F20802AF600BA1E5D7B966459B5C

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:1.6%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:7.7%
                                                                                                                                                                              Total number of Nodes:753
                                                                                                                                                                              Total number of Limit Nodes:149
6bf49320 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75187->75203 75204 6bf49320 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75188->75204 75191->75184 75191->75185 75191->75186 75201 6bf4c2f0 33 API calls 75191->75201 75193 6bfe31b6 75193->75156 75196 6bfe23ce 75195->75196 75200 6bfe23dc 75195->75200 75205 6bfe1340 75196->75205 75197 6bfe2419 75197->75191 75199 6bfe1340 111 API calls 75199->75200 75200->75197 75200->75199 75201->75186 75202->75185 75203->75193 75204->75184 75206 6bfe138c 75205->75206 75220 6bfd6b00 75206->75220 75208 6bfe141d 75208->75200 75210 6bfe193b 75210->75200 75211 6bfa59e0 57 API calls 75212 6bfe13f0 75211->75212 75212->75208 75212->75211 75213 6bfe15cc 75212->75213 75215 6bfe1640 75212->75215 75230 6bf32570 13 API calls 75212->75230 75213->75215 75227 6bf493a0 75213->75227 75215->75210 75232 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75215->75232 75217 6bfe187d 75217->75215 75231 6bfc0160 7 API calls 75217->75231 75221 6bfd6b23 75220->75221 75222 6bfd6b2c 75220->75222 75221->75222 75226 6bfd6c25 75221->75226 75233 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75221->75233 75222->75212 75224 6bfd6c5c 75224->75212 75234 6bfb7b50 75226->75234 75296 6bf46470 75227->75296 75229 6bf493b3 SIc14fb8a21feb2e94 75229->75217 75230->75212 75231->75215 75232->75210 75233->75226 75235 6bfb7b5d 75234->75235 75236 6bfb7b64 75234->75236 75235->75224 75237 6bfb7b6a SI769271af19a2299d SI769271af19a2299d 75236->75237 75238 6bfb7b9c 75236->75238 75237->75224 75249 6bfb6850 75238->75249 75240 6bfb7bcf 75253 6bf41e30 75240->75253 75242 6bfb7bd9 75243 6bfb7bf5 75242->75243 75244 6bfb7be5 75242->75244 75247 6bfa68b0 69 API calls 75243->75247 75258 6bfa68b0 75244->75258 75246 6bfb7bee 75246->75224 75248 6bfb7c08 75247->75248 75248->75224 75250 6bfb685f 75249->75250 75251 6bfb6879 75250->75251 75274 6bf60f90 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75250->75274 75251->75240 75275 
6bf3bcd0 6 API calls 75253->75275 75255 6bf41e39 75256 6bf41e6a 75255->75256 75257 6bf41ea5 SIaa0f8e0c251cfd1d 75255->75257 75256->75242 75257->75242 75259 6bfa68c8 75258->75259 75273 6bfa6e1a 75258->75273 75259->75273 75276 6bfa6790 75259->75276 75261 6bfa6923 75262 6bfa6933 75261->75262 75291 6bf4c4d0 32 API calls _memset 75261->75291 75292 6bf31ca0 SIaa0f8e0c251cfd1d 75262->75292 75265 6bfa693d 75293 6bf2e8a0 SIaa0f8e0c251cfd1d 75265->75293 75268 6bfa68dd 75268->75261 75280 6bfa5ca0 75268->75280 75271 6bfa6944 75272 6bfa6d12 75271->75272 75294 6bf45960 32 API calls 75271->75294 75295 6bf2e4c0 SIaa0f8e0c251cfd1d 75272->75295 75273->75246 75274->75251 75275->75255 75277 6bfa67a9 75276->75277 75278 6bf31b40 SIaa0f8e0c251cfd1d 75277->75278 75279 6bfa6815 75278->75279 75279->75268 75281 6bfa5cb5 75280->75281 75282 6bf88820 32 API calls 75281->75282 75287 6bfa5d4d SIaa0f8e0c251cfd1d 75281->75287 75283 6bfa5d00 75282->75283 75284 6bfa5d1b SIaa0f8e0c251cfd1d 75283->75284 75285 6bfa5d24 75283->75285 75284->75285 75286 6bfa5d44 SIaa0f8e0c251cfd1d 75285->75286 75288 6bf267f0 SIaa0f8e0c251cfd1d 75285->75288 75286->75287 75287->75268 75289 6bfa5d38 75288->75289 75289->75286 75291->75262 75292->75265 75293->75271 75294->75271 75295->75273 75301 6bf66260 75296->75301 75298 6bf464be 75300 6bf464fd 75298->75300 75309 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75298->75309 75300->75229 75305 6bf662a6 _memset __aulldiv __aullrem __aulldvrm 75301->75305 75302 6bf6781e 75307 6bf67809 75302->75307 75310 6bf53cf0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75302->75310 75304 6bf67838 75304->75298 75305->75302 75306 6bf53cf0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75305->75306 75305->75307 75308 6bf52140 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75305->75308 75306->75305 75307->75298 75308->75305 75309->75300 75310->75304 75312 6bf4dd6d 75311->75312 75315 6bf4dd92 75311->75315 75313 6bf4dd7c 75312->75313 75312->75315 75314 
6bf49450 3 API calls 75313->75314 75317 6bf4dd8a 75314->75317 75316 6bf4dd9c 75315->75316 75320 6bf49450 75315->75320 75316->75162 75317->75162 75319 6bf4de33 75319->75162 75321 6bf49460 75320->75321 75322 6bf49481 75320->75322 75323 6bf33b30 2 API calls 75321->75323 75330 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75322->75330 75326 6bf49467 75323->75326 75325 6bf4948c 75325->75319 75327 6bf49479 75326->75327 75329 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75326->75329 75327->75319 75329->75327 75330->75325 75331 6bfb7dd0 75332 6bfb7b50 79 API calls 75331->75332 75333 6bfb7ddc 75332->75333 75334 6bef3413 75335 6bef341e 75334->75335 75336 6bef3423 75334->75336 75351 6befa8d4 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 75335->75351 75340 6bef331d 75336->75340 75339 6bef3431 75341 6bef3329 __write 75340->75341 75342 6bef3381 75341->75342 75343 6bef336e __CRT_INIT 75341->75343 75346 6bef33ca __write 75341->75346 75352 6bf0c390 DisableThreadLibraryCalls 75342->75352 75343->75342 75343->75346 75345 6bef3389 75350 6bef33af 75345->75350 75353 6bf0c390 DisableThreadLibraryCalls 75345->75353 75346->75339 75347 6bef33be __CRT_INIT 75347->75346 75349 6bef339d __CRT_INIT 75349->75350 75350->75346 75350->75347 75351->75336 75352->75345 75353->75349 75354 6bfe0600 75355 6bfe061c 75354->75355 75356 6bfe0615 SI769271af19a2299d SI769271af19a2299d 75354->75356 75355->75356 75358 6bfe065f 75355->75358 75365 6bfe0420 75358->75365 75362 6bfe0676 75363 6bfe06cc 75362->75363 75364 6bfe0420 4 API calls 75362->75364 75380 6bfd82c0 11 API calls 75362->75380 75381 6bfb7aa0 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75362->75381 75364->75362 75372 6bfe043f 75365->75372 75376 6bfe04a8 75365->75376 75366 6bfe046e 75367 6bfe0476 75366->75367 75366->75376 75378 6bfe054f 75367->75378 75389 6bf60f90 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 
75367->75389 75368 6bfe052d 75382 6bfd9a00 75368->75382 75369 6bfe0524 75390 6bf5dc00 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75369->75390 75372->75366 75372->75376 75388 6bfb7aa0 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75372->75388 75375 6bfe0498 75375->75362 75376->75368 75376->75369 75377 6bfe052b 75377->75378 75391 6bf60f90 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75377->75391 75378->75362 75380->75362 75381->75362 75383 6bfd9a6a 75382->75383 75384 6bfd9ab3 75383->75384 75392 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75383->75392 75386 6bfdfeb3 75393 6bf48cc0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75386->75393 75388->75372 75389->75375 75390->75377 75391->75378 75392->75386 75393->75384 75394 6bff6360 75407 6bf75da0 75394->75407 75396 6bff6370 75397 6bff6411 SI769271af19a2299d 75396->75397 75398 6bff638f 75396->75398 75413 6bf4c670 75398->75413 75400 6bff63ca 75401 6bff63d1 SIdb45e174afb28e2c 75403 6bff63de 75401->75403 75404 6bff63e8 75401->75404 75402 6bff63ac 75402->75400 75402->75401 75422 6bf77d70 75404->75422 75406 6bff6409 75408 6bf75da5 SI769271af19a2299d 75407->75408 75409 6bf75dbd 75407->75409 75408->75396 75410 6bf75dfc 75409->75410 75411 6bf75de4 SI769271af19a2299d 75409->75411 75412 6bf75dcc SI769271af19a2299d 75409->75412 75410->75396 75411->75396 75412->75396 75415 6bf4c68d 75413->75415 75414 6bf34f00 3 API calls 75416 6bf4c808 75414->75416 75415->75414 75417 6bf4c748 75415->75417 75416->75417 75436 6bf3d290 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75416->75436 75417->75402 75419 6bf4c865 75419->75417 75437 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75419->75437 75421 6bf4c87b 75421->75402 75423 6bf75da0 3 API calls 75422->75423 75424 6bf77d88 75423->75424 75425 6bf77d8c SI769271af19a2299d 75424->75425 75430 6bf77db4 75424->75430 75425->75406 75427 6bf77df4 75431 
6bf77e14 75427->75431 75432 6bf77e33 75427->75432 75428 6bf32f30 2 API calls 75428->75427 75429 6bf77e70 75433 6bf77e85 SIaa0f8e0c251cfd1d 75429->75433 75435 6bf77e1a 75429->75435 75430->75427 75430->75428 75430->75432 75455 6bf493c0 SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75431->75455 75438 6bf72a40 75432->75438 75433->75435 75435->75406 75436->75419 75437->75421 75439 6bf72c55 SI769271af19a2299d 75438->75439 75441 6bf72a55 75438->75441 75440 6bf72c78 75439->75440 75440->75429 75441->75439 75442 6bf72ab5 75441->75442 75443 6bf72a40 6 API calls 75442->75443 75448 6bf72adf 75442->75448 75445 6bf72b1f 75443->75445 75444 6bf4c670 5 API calls 75447 6bf72b83 75444->75447 75445->75440 75446 6bf72a40 6 API calls 75445->75446 75446->75448 75450 6bf72bc5 75447->75450 75451 6bf72ba5 75447->75451 75448->75440 75448->75444 75449 6bf4c670 5 API calls 75454 6bf72bed 75449->75454 75450->75449 75450->75454 75456 6bf5df00 SIaa0f8e0c251cfd1d SIaa0f8e0c251cfd1d RtlAllocateHeap SI769271af19a2299d 75451->75456 75453 6bf72bb6 75453->75429 75454->75429 75455->75435 75456->75453 75457 6bef4320 HeapCreate
Strings
Memory Dump Source
• Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
• Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
Similarity
• API ID:
• String ID: %s.%s$%s.%s.%s$..%s$H$access to view "%s" prohibited$no such table: %s$no tables specified$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
• API String ID: 0-1430084385
APIs
• _memset.LIBCMT ref: 6BFA5EA2
• SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BFA5F4D
• SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BFA5FE3
• SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BFA5FEC
• SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BFA6116
• _memset.LIBCMT ref: 6BFA617B
Strings
Similarity
• API ID: Iaa0f8e0c251cfd1d.$_memset
• String ID: :memory:
• API String ID: 1480580083-2920599690
APIs
• GetSystemInfo.KERNEL32(6C03A0BC,?,6BF8F6C5,?,?,6BFE5767), ref: 6BF8F1D5
  • Part of subcall function 6BF75FF0: SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000062A9,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,00000000,?,6BF8F1E7,6C035CA8,00000001,?,6BF8F6C5,?,?,6BFE5767), ref: 6BF7601F
Similarity
• API ID: I769271af19a2299d.InfoSystem
• String ID:
• API String ID: 4045177776-0

Control-flow Graph (function at 6bf8c5f0)
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF8C63B
                                                                                                                                                                                • Part of subcall function 6BF89430: _memset.LIBCMT ref: 6BF8946A
                                                                                                                                                                                • Part of subcall function 6BF89430: SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF894DF
                                                                                                                                                                              Strings
                                                                                                                                                                              • cannot open file, xrefs: 6BF8C93C
                                                                                                                                                                              • exclusive, xrefs: 6BF8C6C5
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8C941
                                                                                                                                                                              • delayed %dms for lock/sharing conflict at line %d, xrefs: 6BF8C890
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF8C932
                                                                                                                                                                              • winOpen, xrefs: 6BF8C923
                                                                                                                                                                              • psow, xrefs: 6BF8C9BD
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset$Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$cannot open file$delayed %dms for lock/sharing conflict at line %d$exclusive$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$psow$winOpen
                                                                                                                                                                              • API String ID: 2593926388-2160668777
                                                                                                                                                                              • Opcode ID: 744937200b7b9e9f155ad8b42e112b4009deecb083af9a2b369cc865e640ba39
                                                                                                                                                                              • Instruction ID: b3eb09555a608f9f5b57ffa6095b4006f6e44e32c1df0ac4804e3dffe81a5c01
                                                                                                                                                                              • Opcode Fuzzy Hash: 744937200b7b9e9f155ad8b42e112b4009deecb083af9a2b369cc865e640ba39
                                                                                                                                                                              • Instruction Fuzzy Hash: 07C1A677E40206ABDF14CFA8D881BAEB7B4FF45714F144669E918A73A0D738E940CB91

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AFB6,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,6742C603,?), ref: 6BFFCE33
                                                                                                                                                                              • _memset.LIBCMT ref: 6BFFCEF4
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BFFCF44
                                                                                                                                                                              • SIccd01f4d70f48acf.SQLITE.INTEROP(00000000), ref: 6BFFD2C2
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.Iaa0f8e0c251cfd1d.Iccd01f4d70f48acf._memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$BINARY$NOCASE$RTRIM$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$main$misuse$temp$v
                                                                                                                                                                              • API String ID: 3155288359-869345495
                                                                                                                                                                              • Opcode ID: 2e77a025e0199967ea96b97f6b357f392797af2738b3b2073475ce29f8dc374a
                                                                                                                                                                              • Instruction ID: 4ca824f39e32cf2a93a9db24be5b6426c728238864f114a8b3e0d3a6e561fd85
                                                                                                                                                                              • Opcode Fuzzy Hash: 2e77a025e0199967ea96b97f6b357f392797af2738b3b2073475ce29f8dc374a
                                                                                                                                                                              • Instruction Fuzzy Hash: FCE126B7A443129BDB14DF28CC81B4B3BA8AF45718F0449A9EC198B376D779D401CBE2

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              • Executed
                                                                                                                                                                              • Not Executed
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BFA2887
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,?,00000001,00000000,?,?,?,?,?,?,6BFA6215), ref: 6BFA2ACB
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,?,00000001,00000000), ref: 6BFA2CBE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$_memset
                                                                                                                                                                              • String ID: -journal$immutable$nolock
                                                                                                                                                                              • API String ID: 1480580083-4201244970
                                                                                                                                                                              • Opcode ID: a2c074aa4554d40bf25760314aa65de5fc03181e94697462b4dfef52e6f07bae
                                                                                                                                                                              • Instruction ID: aef0dde4d7f48c2e0d705f0c6cb333bbc2a83d102f9fab40ba56db7d2bb21579
                                                                                                                                                                              • Opcode Fuzzy Hash: a2c074aa4554d40bf25760314aa65de5fc03181e94697462b4dfef52e6f07bae
                                                                                                                                                                              • Instruction Fuzzy Hash: F202D7B2F00616DFDB04CF69C880B9ABBB5BF45314F1482A9E8589B351D73AE905CBD1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIc14fb8a21feb2e94.SQLITE.INTEROP(6BFADA3D,00000000,Function_000E6B00,?,00000000,6BFADA3D,SELECT*FROM"%w".%s ORDER BY rowid,?,?), ref: 6BFE1867
                                                                                                                                                                              Strings
                                                                                                                                                                              • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6BFE183C
                                                                                                                                                                              • table, xrefs: 6BFE137F
                                                                                                                                                                              • unsupported file format, xrefs: 6BFE17D7
                                                                                                                                                                              • sqlite_master, xrefs: 6BFE1397
                                                                                                                                                                              • attached databases must use the same text encoding as main database, xrefs: 6BFE1727
                                                                                                                                                                              • sqlite_temp_master, xrefs: 6BFE138C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Ic14fb8a21feb2e94.
                                                                                                                                                                              • String ID: SELECT*FROM"%w".%s ORDER BY rowid$attached databases must use the same text encoding as main database$sqlite_master$sqlite_temp_master$table$unsupported file format
                                                                                                                                                                              • API String ID: 3249223497-2450480176
                                                                                                                                                                              • Opcode ID: 5e7acc4adc03a8bf71716415a032938f543e3c5a858a7278d679349973f7891c
                                                                                                                                                                              • Instruction ID: ea35a8273db8d165768db16d7df8f45b28a3a691f2f259153de169817c5ef1db
                                                                                                                                                                              • Opcode Fuzzy Hash: 5e7acc4adc03a8bf71716415a032938f543e3c5a858a7278d679349973f7891c
                                                                                                                                                                              • Instruction Fuzzy Hash: F012A372A087519FD710CF29C04076BBBF1BF85314F14899DE4998B361D778EA46CBA2

                                                                                                                                                                              Control-flow Graph

[Control-flow graph starting at 6bf89270, with executed / not-executed legend; graph not reproduced. Named calls in the graph: GetFileAttributesW, DeleteFileW, SI769271af19a2299d, SIaa0f8e0c251cfd1d]
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000C473), ref: 6BF8936B
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF89374
                                                                                                                                                                              Strings
                                                                                                                                                                              • winDelete, xrefs: 6BF89408
                                                                                                                                                                              • delayed %dms for lock/sharing conflict at line %d, xrefs: 6BF89364
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
                                                                                                                                                                              • API String ID: 2544783548-1405699761
                                                                                                                                                                              • Opcode ID: ad0f8b4291a03d2b42503fd3dee96705099d583f8d6e88836599763dc0c4b1fe
                                                                                                                                                                              • Instruction ID: 35b28382deaec26d644465fbab07a8ed3665b1309ae9aba280f945f6cee1c19b
                                                                                                                                                                              • Opcode Fuzzy Hash: ad0f8b4291a03d2b42503fd3dee96705099d583f8d6e88836599763dc0c4b1fe
                                                                                                                                                                              • Instruction Fuzzy Hash: 54412A77B04202DBDF2056B89CC556D737DE7C7325B20AAA2E92EC61F2DF38C8618651

                                                                                                                                                                              Control-flow Graph

[Control-flow graph starting at 6bfe0600, with executed / not-executed legend; graph not reproduced. Named calls in the graph: SI769271af19a2299d (twice)]
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,API called with finalized prepared statement,00000000,00000000,6BFADA3D,?,6BFB9755,?,?,?,?,?,6BFADA3D,00000000,?), ref: 6BFE062D
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0001590B,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,6BFADA3D,?,6BFB9755,?,?,?,?,?,6BFADA3D,00000000), ref: 6BFE064B
                                                                                                                                                                              Strings
                                                                                                                                                                              • API called with NULL prepared statement, xrefs: 6BFE0615
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BFE0644
                                                                                                                                                                              • API called with finalized prepared statement, xrefs: 6BFE0626
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BFE0635
                                                                                                                                                                              • misuse, xrefs: 6BFE063F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-4004311192
                                                                                                                                                                              • Opcode ID: 2ce9f285459eea97c64949555f1b884f2f27492c168eb1be0c9bdcfd947e517e
                                                                                                                                                                              • Instruction ID: 066bc55bbdc99e1821e5a238a692c0e3f311de4f6a4cdc32d51c7db99e09999e
                                                                                                                                                                              • Opcode Fuzzy Hash: 2ce9f285459eea97c64949555f1b884f2f27492c168eb1be0c9bdcfd947e517e
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F31C973B4470267D3019E789C43B2B73E4ABC5318F040879E9599B362EFA9D90687F2

                                                                                                                                                                              Control-flow Graph

[Control-flow graph starting at 6bf8d0f0, with executed / not-executed legend; graph not reproduced. Named calls in the graph: SetEndOfFile]
                                                                                                                                                                              APIs
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF8D134
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                              • String ID: winMapfile1$winMapfile2$winTruncate1$winTruncate2
                                                                                                                                                                              • API String ID: 885266447-4235389256
                                                                                                                                                                              • Opcode ID: 3b3601785bc1669e2fafe594405033a055fb585588cab1eb5c4c32328b9ead1c
                                                                                                                                                                              • Instruction ID: 1bf18218fd888e3d1c726282618d2d82c0867553cc40859a86f8548c2735b6f1
                                                                                                                                                                              • Opcode Fuzzy Hash: 3b3601785bc1669e2fafe594405033a055fb585588cab1eb5c4c32328b9ead1c
                                                                                                                                                                              • Instruction Fuzzy Hash: 9D61A17BB447029BE720CF65E981A1BB3F5FF85711F00496EE9498BA50DB38E8058B61

                                                                                                                                                                              Control-flow Graph

[Control-flow graph starting at 6bf7af00, with executed / not-executed legend; graph not reproduced. Named calls in the graph: SI769271af19a2299d]
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0000ED90,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7AF27
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: c3fb9f839abb36470fde37e2661cd74c9373963a72c7adb6a6e353beb47c43e7
                                                                                                                                                                              • Instruction ID: 0eea2c49f0832e42ffcbac0e83429537e9a1076efdc122072a0ef8ed2acbc8af
                                                                                                                                                                              • Opcode Fuzzy Hash: c3fb9f839abb36470fde37e2661cd74c9373963a72c7adb6a6e353beb47c43e7
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F51E973B04202ABD720AF78EC91B96B3A4FB41355F0145F6ED2C9B252E739E81187E1

Control-flow Graph (first block 6bfb7b50-6bfb7b5b; nodes marked Executed / Not Executed)
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,API called with finalized prepared statement,?,6BFADA3D,6BFADAE9,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF,00000000,00000000,6BFADA3D,?,6BFADA3D), ref: 6BFB7B71
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0001565C,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000015,API called with finalized prepared statement,?,6BFADA3D,6BFADAE9,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF), ref: 6BFB7B8C
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BFB7B85
                                                                                                                                                                              • API called with finalized prepared statement, xrefs: 6BFB7B6A
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BFB7B76
                                                                                                                                                                              • misuse, xrefs: 6BFB7B80
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true

Control-flow Graph (first block 6bf72a40-6bf72a4f; nodes marked Executed / Not Executed)
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AA59,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,00000000,00000001,?,?,6BF77E70,?,?,?,?,?), ref: 6BF72C6B
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF72C64
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF72C55
                                                                                                                                                                              • misuse, xrefs: 6BF72C5F
                                                                                                                                                                              • unable to delete/modify user-function due to active statements, xrefs: 6BF72BA5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true

Control-flow Graph (first block 6bf89c00-6bf89c21; nodes marked Executed / Not Executed)
                                                                                                                                                                              APIs
                                                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?,?), ref: 6BF89CB9
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BA17), ref: 6BF89D72
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF89D91
                                                                                                                                                                              Strings
                                                                                                                                                                              • delayed %dms for lock/sharing conflict at line %d, xrefs: 6BF89D6B
                                                                                                                                                                              • winRead, xrefs: 6BF89D36
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true

Control-flow Graph (first block 6bf77d70-6bf77d8a; nodes marked Executed / Not Executed)
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AAD8,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,?,?,6BF812CB,tointeger,00000001,00200801,00000000,6BF67D30), ref: 6BF77DA2
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77D9B
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77D8C
                                                                                                                                                                              • misuse, xrefs: 6BF77D96
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 27b3e52e6138ebe0f6655ab31debab57fcb2ea6c3aba5a88dd161fa32eaa93ae
                                                                                                                                                                              • Instruction ID: f33e990314c10412ef0f36bcd6456f0d7adfa26c20019755ae1da3d0e019878b
                                                                                                                                                                              • Opcode Fuzzy Hash: 27b3e52e6138ebe0f6655ab31debab57fcb2ea6c3aba5a88dd161fa32eaa93ae
                                                                                                                                                                              • Instruction Fuzzy Hash: 644193B26101059BDB20EF68E845E6B73A8EF49719F0041B5FD1DD7221EB39EC108BA3

                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000113C6,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000074,00000000,?,?,?,?), ref: 6BF80AF8
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000113DB,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF80BB4
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: eacc24830d97112b6039ebc3a87031a5efdbcb9e4e41c1b09f3b2e2a4847aaf8
                                                                                                                                                                              • Instruction ID: 27ebedee49065bbee282969abf21df47bd7917e97fdb7bae3a2c0de82e4d4eac
                                                                                                                                                                              • Opcode Fuzzy Hash: eacc24830d97112b6039ebc3a87031a5efdbcb9e4e41c1b09f3b2e2a4847aaf8
                                                                                                                                                                              • Instruction Fuzzy Hash: 6D31A132A412109FC701DF28C841E5677F6AB41724F8A84D9ED689F732E7B5ED81CB90

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(?), ref: 6BFF63D2
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AB6D,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BFF6427
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BFF6420
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BFF6411
                                                                                                                                                                              • misuse, xrefs: 6BFF641B
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.$Idb45e174afb28e2c.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2065001458-160653349
                                                                                                                                                                              • Opcode ID: 96454e7a1fab0f52a8cf5a7bbfe8fcbfbce240e4a2ba7279c92a4eeb74ef5d23
                                                                                                                                                                              • Instruction ID: b1efb10f0cd5fa6a815952fc9b341a6a24dda746b1c4090503347ead845f1242
                                                                                                                                                                              • Opcode Fuzzy Hash: 96454e7a1fab0f52a8cf5a7bbfe8fcbfbce240e4a2ba7279c92a4eeb74ef5d23
                                                                                                                                                                              • Instruction Fuzzy Hash: F411B473B4121537EA102969AC82F6A735C9B81B6DF000171FE1DEB2A1EB59E81182B1

                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000E,%s at line %d of [%.10s],cannot open file,0001002A,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,00000000), ref: 6BF80D7A
                                                                                                                                                                              Strings
                                                                                                                                                                              • cannot open file, xrefs: 6BF80D6E
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF80D73
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF80D64
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$cannot open file$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-1856461355
                                                                                                                                                                              • Opcode ID: c8080837fec36f26b59602c376952e36b870fadf3eb50820f1fa2b4984a530b0
                                                                                                                                                                              • Instruction ID: 007b3dc5bcbbf6c479a0b2158f70e5cb31a0e648481a19047d9c2661d5b50802
                                                                                                                                                                              • Opcode Fuzzy Hash: c8080837fec36f26b59602c376952e36b870fadf3eb50820f1fa2b4984a530b0
                                                                                                                                                                              • Instruction Fuzzy Hash: DC512433A457409FE721DA74C881B4777F29B85304F9004A9D98A9B3A1EBFDF986C781

                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000122A6,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,00000000,?,00000000,?,6BF9A704,00000000,?,?,6BF9A7BA,00000000), ref: 6BF93C7B
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF93C6F
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF93C74
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF93C65
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011F6E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,00000000,00000000,6BF93BDB,00000000,00000000,?,00000000,?,6BF9A704,00000000), ref: 6BF87F04
                                                                                                                                                                                • Part of subcall function 6BF80AD0: SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000113C6,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000074,00000000,?,?,?,?), ref: 6BF80AF8
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF87EF8
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF87EFD
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF87EEE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011F6E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,00000000,00000000,?,6BF880AE,?), ref: 6BF83713
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF83707
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8370C
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF836FD
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • HeapCreate.KERNEL32(00000000,00BD0000,00000000,6C035724,00000000,00000000,?,6BF81242,6C03A358,6C03A358), ref: 6BF71B41
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000007,failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu,00000000,?,6BF81242,6C03A358,6C03A358), ref: 6BF71B5E
                                                                                                                                                                              Strings
                                                                                                                                                                              • failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu, xrefs: 6BF71B57
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateHeapI769271af19a2299d.
                                                                                                                                                                              • String ID: failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu
                                                                                                                                                                              • API String ID: 1906285390-982776804
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(06AB0000,00000000,?), ref: 6BF71C84
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000007,failed to HeapAlloc %u bytes (%lu), heap=%p,?,00000000), ref: 6BF71CA0
                                                                                                                                                                              Strings
                                                                                                                                                                              • failed to HeapAlloc %u bytes (%lu), heap=%p, xrefs: 6BF71C99
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeapI769271af19a2299d.
                                                                                                                                                                              • String ID: failed to HeapAlloc %u bytes (%lu), heap=%p
                                                                                                                                                                              • API String ID: 525675213-667713680
                                                                                                                                                                              APIs
                                                                                                                                                                              • RtlFreeHeap.NTDLL(06AB0000,00000000,?), ref: 6BF71C47
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000007,failed to HeapFree block %p (%lu), heap=%p,?,00000000), ref: 6BF71C61
                                                                                                                                                                              Strings
                                                                                                                                                                              • failed to HeapFree block %p (%lu), heap=%p, xrefs: 6BF71C5A
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeHeapI769271af19a2299d.
                                                                                                                                                                              • String ID: failed to HeapFree block %p (%lu), heap=%p
                                                                                                                                                                              • API String ID: 1119003892-4030396798
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,6BFA8DFE,?,?,7DE85000,7DE85000,6BFD6C5C,6BFD6C5C,6BFD6C5C,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF,00000000), ref: 6BFA5D1C
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,6BFA8DFE,?,?,7DE85000,7DE85000,6BFD6C5C,6BFD6C5C,6BFD6C5C,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF,00000000), ref: 6BFA5D45
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,?,6BFA8DFE,?,?,7DE85000,7DE85000,6BFD6C5C,6BFD6C5C,6BFD6C5C,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF), ref: 6BFA5D68
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-0
                                                                                                                                                                              • Opcode ID: d2d6b3bea24a3b83f696defbb4ea9012dcbcb2fc8941706c75b9794e21145250
                                                                                                                                                                              • Instruction ID: a96f2a78be27702848803cb7e6a2fcb7bad4a26828af995b5320219820918354
                                                                                                                                                                              • Opcode Fuzzy Hash: d2d6b3bea24a3b83f696defbb4ea9012dcbcb2fc8941706c75b9794e21145250
                                                                                                                                                                              • Instruction Fuzzy Hash: D121D1B2B04652ABEB14DF34D845B2AB7E4BF00658F0442A8D919CB760E739FD50CBD1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000000), ref: 6BF89E53
                                                                                                                                                                                • Part of subcall function 6BF84220: SI769271af19a2299d.SQLITE.INTEROP(?,os_win.c:%d: (%lu) %s(%s) - %s,?,?,?,?,00000000), ref: 6BF842AB
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileI769271af19a2299d.Pointer
                                                                                                                                                                              • String ID: winSeekFile
                                                                                                                                                                              • API String ID: 1608124366-3168307952
                                                                                                                                                                              • Opcode ID: c6bbb181df0d7b7f484c273971479dfae2554c69ae28e6f219dce3a3b0b57447
                                                                                                                                                                              • Instruction ID: a7ad0696ff6050bedea361d31084b95b344976532ba6c6de1da20ba2cb7a2afc
                                                                                                                                                                              • Opcode Fuzzy Hash: c6bbb181df0d7b7f484c273971479dfae2554c69ae28e6f219dce3a3b0b57447
                                                                                                                                                                              • Instruction Fuzzy Hash: B5F0C236714204ABCB20CEA8EC02A5AB7FDDB85721F008759F919CB7D0EA75E90087A0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              • Opcode ID: 5bec88e1b5c85c75e140aa5a0378de10c3bfb2516fed19e107da55250ad8eb0a
                                                                                                                                                                              • Instruction ID: b02fc9a88cc2fdefbe6cba30e9198ee9d6f654e4cb6361d817f58220e9f01893
                                                                                                                                                                              • Opcode Fuzzy Hash: 5bec88e1b5c85c75e140aa5a0378de10c3bfb2516fed19e107da55250ad8eb0a
                                                                                                                                                                              • Instruction Fuzzy Hash: D4517075A00715EFDB10CFA8D880B5AB7F5FF49308F1045A8E94987360EB39EA04CB91
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF83FB5
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,?,00000000,?,?,?,?,?,?,6BFA63FC), ref: 6BF83FBE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-0
                                                                                                                                                                              • Opcode ID: 2eb324560f041393062076aee3a1cd3b1d268f89701f29a09271bfcfd2cbbaee
                                                                                                                                                                              • Instruction ID: 2d1c2fc2c82f8579dc94d42548132982c0fd1c2034be23d522d852cd88d2c308
                                                                                                                                                                              • Opcode Fuzzy Hash: 2eb324560f041393062076aee3a1cd3b1d268f89701f29a09271bfcfd2cbbaee
                                                                                                                                                                              • Instruction Fuzzy Hash: 4331D5727043026BE728DE64DC81B2AB3B4AF84714F14066CF9288B3B0D779E959C7D2
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF3C738
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF3C7E0
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d._memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1786038377-0
                                                                                                                                                                              • Opcode ID: 93cd5a3bc7e2a3405d32088da0f50819da8a8092569bb1e458566f5acbb80bac
                                                                                                                                                                              • Instruction ID: 005a8454569ace599eca80e28e93494c3d0313c3fb5deacca7a3c18e0653ea6a
                                                                                                                                                                              • Opcode Fuzzy Hash: 93cd5a3bc7e2a3405d32088da0f50819da8a8092569bb1e458566f5acbb80bac
                                                                                                                                                                              • Instruction Fuzzy Hash: 6E31CA726003209BD710CF69D881B9BB7E8EF84314F1046ADED498B760D779E915C7E1
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              • Opcode ID: e2b8b035afe0ff52d3b62c4905e13b2b10625df545673bf658852af3127635ed
                                                                                                                                                                              • Instruction ID: a50f5132a7c248116cf4e5c67ca15efb21958fce4d378d2652f384612b2947f0
                                                                                                                                                                              • Opcode Fuzzy Hash: e2b8b035afe0ff52d3b62c4905e13b2b10625df545673bf658852af3127635ed
                                                                                                                                                                              • Instruction Fuzzy Hash: 7041067BB01207ABEB319BA8D81472A33B5A74371DF100564C90E9A271FF7DE4558BB2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,?,?,?,?,?,?,6BFA63FC), ref: 6BF8897C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF8C63B
                                                                                                                                                                              • CreateFileW.KERNEL32(?,-80000000,00000000,00000000,?,?,00000000), ref: 6BF8C7B2
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000001B,delayed %dms for lock/sharing conflict at line %d,0000000100000000,0000C3B5), ref: 6BF8C897
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF8C8AC
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF8C8B8
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF8C8E1
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$CreateFileI769271af19a2299d._memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1537408519-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,00000000), ref: 6BF26899
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 6C001A0C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2050909247-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI9dbf9d88aa001ea6.SQLITE.INTEROP(00000004,6C01EFE4,6BFE5697), ref: 6BF7B270
                                                                                                                                                                                • Part of subcall function 6BF7D090: SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A4DE,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,00000000,?,?,?,6BF8103B,00000012,6C01F004,?,6BFE5752), ref: 6BF7D0BA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.I9dbf9d88aa001ea6.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3129734836-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              • Opcode ID: fd1f06ef651f2a7ab7bf677ef6c34145830bda350c842993e89b3fd2993b7a17
                                                                                                                                                                              • Instruction ID: 25b6d63d33de1fea9af12c8d66bee1f5c9c0a6651b816c1144a3df132e3eff45
                                                                                                                                                                              • Opcode Fuzzy Hash: fd1f06ef651f2a7ab7bf677ef6c34145830bda350c842993e89b3fd2993b7a17
                                                                                                                                                                              • Instruction Fuzzy Hash: D3F0E533B0113437D6109579AC02E6B77AD8BD2A64B0C4025FD08CB220FA7BD90182E1
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              • Opcode ID: f16064faa86de4dc8ba8ae4a60403ccdbe4809c93ad6ee5ef1977a1cb9bdd78b
                                                                                                                                                                              • Instruction ID: 8bd0244e9a54072635bf5e0c14bc3f094a2c278d2a03e8b70064d936a8ce8b78
                                                                                                                                                                              • Opcode Fuzzy Hash: f16064faa86de4dc8ba8ae4a60403ccdbe4809c93ad6ee5ef1977a1cb9bdd78b
                                                                                                                                                                              • Instruction Fuzzy Hash: 4AE0DF363003047BC6209A6BDC09C4B3F6EEBC6B25F4144A5F70C8B251D63AD812C2B1
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF189B5
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(invalid ICLRRuntimeHost.,?,?,6BF8F705), ref: 6BF189D8
                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,?,6BF8F705), ref: 6BF189E8
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(invalid process heap.,?,?,6BF8F705), ref: 6BF189FB
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,6BF8F705), ref: 6BF18A01
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(could not free strong name buffer.), ref: 6BF1914C
                                                                                                                                                                              • HeapFree.KERNEL32(?,00000000,00000000,?,?,?,?,?,6BF8F705), ref: 6BF19199
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF191B1
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BF8F705), ref: 6BF191DE
                                                                                                                                                                              Strings
                                                                                                                                                                              • strong name token data mismatch., xrefs: 6BF18F18
                                                                                                                                                                              • could not allocate path., xrefs: 6BF18A4C
                                                                                                                                                                              • could not free strong name buffer., xrefs: 6BF19147
                                                                                                                                                                              • bad assembly path env size., xrefs: 6BF1910E
                                                                                                                                                                              • good callback from setup method., xrefs: 6BF19075
                                                                                                                                                                              • verify method returned failure., xrefs: 6BF190B2
                                                                                                                                                                              • could not get setup method callback., xrefs: 6BF1901C
                                                                                                                                                                              • modern strong name check failure., xrefs: 6BF18E21
                                                                                                                                                                              • LicenseOtherAppDomain, xrefs: 6BF18F67
                                                                                                                                                                              • modern strong name check verified., xrefs: 6BF18E80
                                                                                                                                                                              • Verify, xrefs: 6BF18CA3
                                                                                                                                                                              • System.Data.SQLite.SEE.License, xrefs: 6BF18A23, 6BF18B61, 6BF18B66
                                                                                                                                                                              • LicenseAssemblyPath, xrefs: 6BF18A73
                                                                                                                                                                              • bad callback from setup method., xrefs: 6BF190A0
                                                                                                                                                                              • assembly path env success., xrefs: 6BF18A89
                                                                                                                                                                              • invalid process heap., xrefs: 6BF189F6
                                                                                                                                                                              • CoreCLR, xrefs: 6BF18C7C
                                                                                                                                                                              • no current application domain?, xrefs: 6BF18F99
                                                                                                                                                                              • ARM, xrefs: 6BF18B3F
                                                                                                                                                                              • could not get ICLRRuntimeInfo., xrefs: 6BF18D88
                                                                                                                                                                              • strong name token size mismatch., xrefs: 6BF18EBC
                                                                                                                                                                              • x86, xrefs: 6BF18B1D
                                                                                                                                                                              • assembly path not trusted., xrefs: 6BF18C5A
                                                                                                                                                                              • assembly path env not found., xrefs: 6BF18AB5
                                                                                                                                                                              • assembly path is trusted., xrefs: 6BF18C6F
                                                                                                                                                                              • MSCorEE, xrefs: 6BF18CE3
                                                                                                                                                                              • detected .NET Core in process., xrefs: 6BF18C87
                                                                                                                                                                              • invalid ICLRRuntimeHost., xrefs: 6BF189D3
                                                                                                                                                                              • ICLRRuntimeInfo loadable failure., xrefs: 6BF18DAF
                                                                                                                                                                              • could not get ICLRStrongName., xrefs: 6BF18DF7
                                                                                                                                                                              • CLR creation not implemented., xrefs: 6BF18D4D
                                                                                                                                                                              • Win32, xrefs: 6BF18B35
                                                                                                                                                                              • assembly path not found via module., xrefs: 6BF18B85
                                                                                                                                                                              • ARM64, xrefs: 6BF18B49
                                                                                                                                                                              • assembly path env failure., xrefs: 6BF190F1
                                                                                                                                                                              • could not trim module file name., xrefs: 6BF18B06
                                                                                                                                                                              • could not create ICLRMetaHost., xrefs: 6BF18D36
                                                                                                                                                                              • strong name size and data matched., xrefs: 6BF18F2D
                                                                                                                                                                              • assembly path found via process., xrefs: 6BF18BE0
                                                                                                                                                                              • missing CLR function., xrefs: 6BF18D0A
                                                                                                                                                                              • v2.0.50727, xrefs: 6BF18D5F
                                                                                                                                                                              • strong name check was not verified., xrefs: 6BF18E8E
                                                                                                                                                                              • strong name token data missing., xrefs: 6BF190E3
                                                                                                                                                                              • CLRCreateInstance, xrefs: 6BF18CFA
                                                                                                                                                                              • could not get module file name., xrefs: 6BF18B9D
                                                                                                                                                                              • modern strong name check unverified., xrefs: 6BF18E38
                                                                                                                                                                              • 0, xrefs: 6BF18C26
                                                                                                                                                                              • verify method returned success., xrefs: 6BF18CD7
                                                                                                                                                                              • x64, xrefs: 6BF18B2B
                                                                                                                                                                              • assembly path found via module., xrefs: 6BF18BE9
                                                                                                                                                                              • v4.0.30319, xrefs: 6BF18D66, 6BF18D7B
                                                                                                                                                                              • assembly path not found via process., xrefs: 6BF18BBD
                                                                                                                                                                              • System.Data.SQLite.SQLiteExtra, xrefs: 6BF18CA8
                                                                                                                                                                              • missing CLR module in process., xrefs: 6BF18CEE
                                                                                                                                                                              • modern strong name token failure., xrefs: 6BF18E6A
                                                                                                                                                                              • could not execute verify method., xrefs: 6BF190DA
                                                                                                                                                                              • SdkCallback_%lX_%lX_%lX, xrefs: 6BF18FDA
                                                                                                                                                                              • could not unset setup method callback., xrefs: 6BF1903A
                                                                                                                                                                              • .dll, xrefs: 6BF18B6A
                                                                                                                                                                              • verify method unreachable., xrefs: 6BF190CF
                                                                                                                                                                              • eeeSdk1: %s HRESULT 0x%016X, xrefs: 6BF191BC
                                                                                                                                                                              • ICLRRuntimeInfo not loadable., xrefs: 6BF18DC6
                                                                                                                                                                              • <unknown>, xrefs: 6BF191B7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DebugOutputString$Heap_memset$ErrorFreeLastProcess
                                                                                                                                                                              • String ID: .dll$0$<unknown>$ARM$ARM64$CLR creation not implemented.$CLRCreateInstance$CoreCLR$ICLRRuntimeInfo loadable failure.$ICLRRuntimeInfo not loadable.$LicenseAssemblyPath$LicenseOtherAppDomain$MSCorEE$SdkCallback_%lX_%lX_%lX$System.Data.SQLite.SEE.License$System.Data.SQLite.SQLiteExtra$Verify$Win32$assembly path env failure.$assembly path env not found.$assembly path env success.$assembly path found via module.$assembly path found via process.$assembly path is trusted.$assembly path not found via module.$assembly path not found via process.$assembly path not trusted.$bad assembly path env size.$bad callback from setup method.$could not allocate path.$could not create ICLRMetaHost.$could not execute verify method.$could not free strong name buffer.$could not get ICLRRuntimeInfo.$could not get ICLRStrongName.$could not get module file name.$could not get setup method callback.$could not trim module file name.$could not unset setup method callback.$detected .NET Core in process.$eeeSdk1: %s HRESULT 0x%016X$good callback from setup method.$invalid ICLRRuntimeHost.$invalid process heap.$missing CLR function.$missing CLR module in process.$modern strong name check failure.$modern strong name check unverified.$modern strong name check verified.$modern strong name token failure.$no current application domain?$strong name check was not verified.$strong name size and data matched.$strong name token data mismatch.$strong name token data missing.$strong name token size mismatch.$v2.0.50727$v4.0.30319$verify method returned failure.$verify method returned success.$verify method unreachable.$x64$x86
                                                                                                                                                                              • API String ID: 2843366776-37461390
                                                                                                                                                                              • Opcode ID: 8a3982bcd0a6953cbb5f762424d88808bbe4d052869fca918c49b0c50e167118
                                                                                                                                                                              • Instruction ID: ad3de2b158f0adb284cd79dfe79890f1f62ea8244ca2d79409055701784c9cbe
                                                                                                                                                                              • Opcode Fuzzy Hash: 8a3982bcd0a6953cbb5f762424d88808bbe4d052869fca918c49b0c50e167118
                                                                                                                                                                              • Instruction Fuzzy Hash: AD22B27264C301AFD310DBB4C888B5A7BF9BF89B05F104D2DF55997262DB78D8418BA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP(?), ref: 6BFE6A43
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(00000000), ref: 6BFE6A5A
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP(?), ref: 6BFE6A70
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(?), ref: 6BFE6A80
                                                                                                                                                                              • CryptCreateHash.ADVAPI32(?,00008004,00000000,00000000,?), ref: 6BFE6AAF
                                                                                                                                                                              • GetLastError.KERNEL32(?,00008004,00000000,00000000,?), ref: 6BFE6AB9
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(CryptEncrypt failed, code=%lu,00000000,?,?,?,00000000,?), ref: 6BFE6AC5
                                                                                                                                                                              • SI905dcc543d48caab.SQLITE.INTEROP(?,00000000,000000FF,CryptEncrypt failed, code=%lu,00000000,?,?,?,00000000,?), ref: 6BFE6AD3
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,?,?,?,00000000,?), ref: 6BFE6BFB
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,?,?,?,?,00000000,?), ref: 6BFE6C04
                                                                                                                                                                              • CryptDestroyKey.ADVAPI32(?,?,?,?,?,?,?,?,00000000,?), ref: 6BFE6C15
                                                                                                                                                                              • CryptDestroyHash.ADVAPI32(?,?,?,?,?,?,?,?,00000000,?), ref: 6BFE6C24
                                                                                                                                                                              Strings
                                                                                                                                                                              • CryptCreateHash failed, code=%lu, xrefs: 6BFE6AC0
                                                                                                                                                                              • CryptDeriveKey failed, code=%lu, xrefs: 6BFE6B4B
                                                                                                                                                                              • CryptHashData failed, code=%lu, xrefs: 6BFE6B02
                                                                                                                                                                              • missing encryption context, xrefs: 6BFE69F7
                                                                                                                                                                              • CryptEncrypt failed, code=%lu, xrefs: 6BFE6BB6
                                                                                                                                                                              • CryptDecrypt failed, code=%lu, xrefs: 6BFE6BDA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Crypt$DestroyHashI8b0d9e6837e61abc.Iaa0f8e0c251cfd1d.Iffb8076c269e2a85.$CreateErrorI905dcc543d48caab.Idb45e174afb28e2c.Last
                                                                                                                                                                              • String ID: CryptCreateHash failed, code=%lu$CryptDecrypt failed, code=%lu$CryptDeriveKey failed, code=%lu$CryptEncrypt failed, code=%lu$CryptHashData failed, code=%lu$missing encryption context
                                                                                                                                                                              • API String ID: 3483430705-1659892492
                                                                                                                                                                              • Opcode ID: 7ff70799c18cae2a55cca44100f7138050ed4474cc94de023644765b2dc8a318
                                                                                                                                                                              • Instruction ID: eac4ec1c011ce8fca4503447895c9e2766c7c17ef7cac1dc183eb0a8504320f8
                                                                                                                                                                              • Opcode Fuzzy Hash: 7ff70799c18cae2a55cca44100f7138050ed4474cc94de023644765b2dc8a318
                                                                                                                                                                              • Instruction Fuzzy Hash: 0961F3B2A04205BBD710DF68CC45F2777ECAB85758F008669FA5997290EB39E80187B2
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BFE6CF1
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP(?), ref: 6BFE6D2D
                                                                                                                                                                              • SI905dcc543d48caab.SQLITE.INTEROP(?,SHA3 size should be one of: 224 256 384 512,000000FF), ref: 6BFE6D5D
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?), ref: 6BFE6E20
                                                                                                                                                                              • SI25d73a5ab4d6cacb.SQLITE.INTEROP(?,00000000), ref: 6BFE6E52
                                                                                                                                                                              • SI30455e90830ca460.SQLITE.INTEROP(?,00000000), ref: 6BFE6E8F
                                                                                                                                                                              • SI558bdfe0e27562ea.SQLITE.INTEROP(?,00000000,00000009,?,00000000), ref: 6BFE6F21
                                                                                                                                                                              • SI25ca8d2baaee0750.SQLITE.INTEROP(?,00000000,00000009,?,00000000,00000009,?,00000000), ref: 6BFE6FBC
                                                                                                                                                                              • SI25ca8d2baaee0750.SQLITE.INTEROP(?,00000000,?,?,?,?,?,?,?,00000009,?,00000000,00000009,?,00000000), ref: 6BFE6FD4
                                                                                                                                                                              • SI8259474343588db4.SQLITE.INTEROP(?,00000000,?,00000000,?,?,?,?,?,?,?,00000009,?,00000000,00000009,?), ref: 6BFE6FDD
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?), ref: 6BFE7014
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(error SQL statement [%s]: %s,?,00000000), ref: 6BFE7091
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BFE70C3
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(non-query: [%s],?), ref: 6BFE70EC
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BFE7117
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I25ca8d2baaee0750.Ia364946505687432.Iaa0f8e0c251cfd1d.Idb45e174afb28e2c.$I25d73a5ab4d6cacb.I30455e90830ca460.I558bdfe0e27562ea.I5b914c29cf5a7984.I8259474343588db4.I905dcc543d48caab._memset
                                                                                                                                                                              • String ID: B%d:$F$I$S%d:$SHA3 size should be one of: 224 256 384 512$T%d:$error SQL statement [%s]: %s$non-query: [%s]
                                                                                                                                                                              • API String ID: 2385748821-2082158347
                                                                                                                                                                              • Opcode ID: 8d7004fe336d6ab38220dff43e9d6a5f0f207617e055792ec3392f6aba57c47f
                                                                                                                                                                              • Instruction ID: 0e08db2051e944bd695bd5215d531c2cf56447b6acf044505d9d0e1f317b9a8f
                                                                                                                                                                              • Opcode Fuzzy Hash: 8d7004fe336d6ab38220dff43e9d6a5f0f207617e055792ec3392f6aba57c47f
                                                                                                                                                                              • Instruction Fuzzy Hash: 62D13472908255ABD7108A38CC02B9FB7D5EFC1318F044A68F988976A2D779A519C7E3
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s: %s$%s: %s.%s$%s: %s.%s.%s$H$M$ambiguous column name$double-quoted string literal: "%w"$excluded$main$misuse of aliased aggregate %s$misuse of aliased window function %s$new$no such column$old$row value misused
                                                                                                                                                                              • API String ID: 0-123023855
                                                                                                                                                                              • Opcode ID: 0dfd044ca5dcde8353f7a84f24bcff3c0573ab277d153b8ad5b97e01201c71af
                                                                                                                                                                              • Instruction ID: 5b1f3cb6e2c605bcf48fdf78e5617a0feef720f37d2a2ed2c7c8fdb9c75a0538
                                                                                                                                                                              • Opcode Fuzzy Hash: 0dfd044ca5dcde8353f7a84f24bcff3c0573ab277d153b8ad5b97e01201c71af
                                                                                                                                                                              • Instruction Fuzzy Hash: 8DB2E772A083418FE714DF29D480B1ABBF1BF89718F14859DE8988B372D73AD945CB91
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BFE3B5E
                                                                                                                                                                              • _memset.LIBCMT ref: 6BFE3B72
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00018264,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BFE41BC
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset$I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$foreign key$indexed$misuse$no such column: "%s"$out of memory
                                                                                                                                                                              • API String ID: 1025281480-3185201450
                                                                                                                                                                              • Opcode ID: e812e8f3aa3d6bff651393caae92f6df5454c67797f235e0413748249859b781
                                                                                                                                                                              • Instruction ID: 91ab42223dc14ea8d6340121e8e18c572d6388ae8432cd25c709360e9047b902
                                                                                                                                                                              • Opcode Fuzzy Hash: e812e8f3aa3d6bff651393caae92f6df5454c67797f235e0413748249859b781
                                                                                                                                                                              • Instruction Fuzzy Hash: E732D572A04341AFD715CF28C484B6AB7F1BF88304F0549ADE4998B371D739E946CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2102423945-2469029621
                                                                                                                                                                              • Opcode ID: 2dc5d7a8bd193a553da5a6557482bc77ccd4e627e889fd3582c82f6b282ff99a
                                                                                                                                                                              • Instruction ID: 355a73c72d2bfc16321434f99a11d9cc28dbcbe377e2dd150ce32d1a603ded09
                                                                                                                                                                              • Opcode Fuzzy Hash: 2dc5d7a8bd193a553da5a6557482bc77ccd4e627e889fd3582c82f6b282ff99a
                                                                                                                                                                              • Instruction Fuzzy Hash: DAD24972A083419FC314DF28D480B5BB7F1BFC9708F14896DE89997261E739E945CB92
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: UNIQUE$BINARY$CREATE%s INDEX %.*s$INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);$cannot create a TEMP index on non-TEMP table "%s"$conflicting ON CONFLICT clauses specified$expressions prohibited in PRIMARY KEY and UNIQUE constraints$index$index %s already exists$invalid rootpage$name='%q' AND type='index'$sqlite_$sqlite_autoindex_%s_%d$sqlite_master$sqlite_temp_master$table %s may not be indexed$there is already a table named %s$views may not be indexed$virtual tables may not be indexed
                                                                                                                                                                              • API String ID: 0-1944165103
                                                                                                                                                                              • Opcode ID: 0a790d3790572a5a7414d6981585e04fc0b8d8a6d95a4b4944d6ce5b7a10ad2e
                                                                                                                                                                              • Instruction ID: 154602ecfc6877e7346bc50e8658d2fd61e949a4c5fa82a0550a3948af0ade83
                                                                                                                                                                              • Opcode Fuzzy Hash: 0a790d3790572a5a7414d6981585e04fc0b8d8a6d95a4b4944d6ce5b7a10ad2e
                                                                                                                                                                              • Instruction Fuzzy Hash: C192D476A04342DFD708CF28C880B6AB7F5BF89318F0445ADE8599B362D738E955CB91
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %$-$F$Inf$VUUU$VUUU$gfff$gfff
                                                                                                                                                                              • API String ID: 0-1349173842
                                                                                                                                                                              • Opcode ID: 1d5728d3c565aa7ac2deb5a87a9263a73c39042e3283688f7574e8b9a8601141
                                                                                                                                                                              • Instruction ID: b5c66e147645f77380ae703046cc11c9262de858bc6d08cc04a13e7169152e87
                                                                                                                                                                              • Opcode Fuzzy Hash: 1d5728d3c565aa7ac2deb5a87a9263a73c39042e3283688f7574e8b9a8601141
                                                                                                                                                                              • Instruction Fuzzy Hash: 79A2D172A08382ABC715CF28C48039ABBE1AF86784F14499DFCD597361F739D945CB82
                                                                                                                                                                              APIs
                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 6BFEF97D
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BFEF98A
                                                                                                                                                                              • CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,F0000000), ref: 6BFEF9B6
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 6BFEF9C0
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(CryptAcquireContext failed, code=%lu,00000000), ref: 6BFEF9CC
                                                                                                                                                                                • Part of subcall function 6BFE5630: _memset.LIBCMT ref: 6BFE5737
                                                                                                                                                                              Strings
                                                                                                                                                                              • CryptAcquireContext failed, code=%lu, xrefs: 6BFEF9C7
                                                                                                                                                                              • cryptoapi_decrypt, xrefs: 6BFEFA1A
                                                                                                                                                                              • cryptoapi_encrypt, xrefs: 6BFEFA4A
                                                                                                                                                                              • Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 6BFEF9A6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ContextCrypt$AcquireErrorIaa0f8e0c251cfd1d.Idb45e174afb28e2c.LastRelease_memset
                                                                                                                                                                              • String ID: CryptAcquireContext failed, code=%lu$Microsoft Enhanced Cryptographic Provider v1.0$cryptoapi_decrypt$cryptoapi_encrypt
                                                                                                                                                                              • API String ID: 1962234622-3603160501
                                                                                                                                                                              • Opcode ID: a9ecd36f61648afedaf4129af46243a8f11849209df61fc9f4786f148d2659b2
                                                                                                                                                                              • Instruction ID: 5f6b83ecfca28d667f8e895685d0579965fd7239ddc590da90449a370c77c1f1
                                                                                                                                                                              • Opcode Fuzzy Hash: a9ecd36f61648afedaf4129af46243a8f11849209df61fc9f4786f148d2659b2
                                                                                                                                                                              • Instruction Fuzzy Hash: CE31E773B503117BF7209F74AC06F6A77D89F40B18F008569FA88DB290E7BDA50187A5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: -$BINARY$Expression tree is too large (maximum depth %d)$NOCASE$ON clause references tables to its right$false
                                                                                                                                                                              • API String ID: 0-2717425188
                                                                                                                                                                              • Opcode ID: 6c3ac6445b857c12b47ea084771d8c9dd586b289d788ea323324ee4d4510368d
                                                                                                                                                                              • Instruction ID: 1664f5710aeb89176204bec51bfd0883effeaf08de73c46d632292e24a55f56b
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c3ac6445b857c12b47ea084771d8c9dd586b289d788ea323324ee4d4510368d
                                                                                                                                                                              • Instruction Fuzzy Hash: F9A2E576A083019FE714DF28D480A1AB7F5FF89714F14899DF8989B362D738E845CB92
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF862F7
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF866AF
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF86754
                                                                                                                                                                              Strings
                                                                                                                                                                              • max rootpage (%d) disagrees with header (%d), xrefs: 6BF863E5
                                                                                                                                                                              • Pointer map page %d is referenced, xrefs: 6BF865B3
                                                                                                                                                                              • d, xrefs: 6BF862AA
                                                                                                                                                                              • Page %d is never used, xrefs: 6BF86550
                                                                                                                                                                              • incremental_vacuum enabled with a max rootpage of zero, xrefs: 6BF8640A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$_memset
                                                                                                                                                                              • String ID: Page %d is never used$Pointer map page %d is referenced$d$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%d) disagrees with header (%d)
                                                                                                                                                                              • API String ID: 1480580083-564894985
                                                                                                                                                                              • Opcode ID: bb8708bba164880068114d75eceaf6f8af07e3a75e50984aec20893e0b627719
                                                                                                                                                                              • Instruction ID: aafdd8cae2e9a96c2c4fe70345e9608eb39d0bd01923126749bddd20175df7b2
                                                                                                                                                                              • Opcode Fuzzy Hash: bb8708bba164880068114d75eceaf6f8af07e3a75e50984aec20893e0b627719
                                                                                                                                                                              • Instruction Fuzzy Hash: C9029172E142189FDB24CF28C881B9DB7F1BF89304F2485EAE40D9B265EB359985CF51
                                                                                                                                                                              Strings
                                                                                                                                                                              • UPDATE "%w".sqlite_master SET sql = sqlite_drop_column(%d, sql, %d) WHERE (type=='table' AND tbl_name=%Q COLLATE nocase), xrefs: 6BFA0F25
                                                                                                                                                                              • virtual table, xrefs: 6BFA0DF0
                                                                                                                                                                              • drop column from, xrefs: 6BFA0DFF
                                                                                                                                                                              • UNIQUE, xrefs: 6BFA0E77
                                                                                                                                                                              • cannot drop column "%s": no other columns exist, xrefs: 6BFA0E99
                                                                                                                                                                              • PRIMARY KEY, xrefs: 6BFA0E70, 6BFA0E7D
                                                                                                                                                                              • view, xrefs: 6BFA0DE7
                                                                                                                                                                              • cannot %s %s "%s", xrefs: 6BFA0E04
                                                                                                                                                                              • after drop column, xrefs: 6BFA0F40
                                                                                                                                                                              • cannot drop %s column: "%s", xrefs: 6BFA0E7E
                                                                                                                                                                              • no such column: "%T", xrefs: 6BFA0E48
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: PRIMARY KEY$UNIQUE$UPDATE "%w".sqlite_master SET sql = sqlite_drop_column(%d, sql, %d) WHERE (type=='table' AND tbl_name=%Q COLLATE nocase)$after drop column$cannot %s %s "%s"$cannot drop %s column: "%s"$cannot drop column "%s": no other columns exist$drop column from$no such column: "%T"$view$virtual table
                                                                                                                                                                              • API String ID: 0-339709852
                                                                                                                                                                              • Opcode ID: 0e0be7f23ea104599ea6aed3fafc2e834e6e0c12fdfa8a09ee84375262976856
                                                                                                                                                                              • Instruction ID: 08fc94702184fe27fcfe643b777cd46a5c2120296047539b8325d458b62093f7
                                                                                                                                                                              • Opcode Fuzzy Hash: 0e0be7f23ea104599ea6aed3fafc2e834e6e0c12fdfa8a09ee84375262976856
                                                                                                                                                                              • Instruction Fuzzy Hash: 99029E76A04312DFD308CF28C88192BB7E5FF89704F45895DE8499B362E778E915CB92
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIb50fc3839c421869.SQLITE.INTEROP(?,?,00000000), ref: 6BF84BD0
                                                                                                                                                                              • SIb50fc3839c421869.SQLITE.INTEROP(?,?,00000000), ref: 6BF84C7D
                                                                                                                                                                              • SIb50fc3839c421869.SQLITE.INTEROP(?,?,00000000), ref: 6BF84CB9
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Ib50fc3839c421869.
                                                                                                                                                                              • String ID: [%d]$d
                                                                                                                                                                              • API String ID: 3797217965-3049087155
                                                                                                                                                                              • Opcode ID: fd00548e3dac34cefb180921e52026ee50ff0916b6da731accb3eff4b635f476
                                                                                                                                                                              • Instruction ID: 069e88e0d6d1b89dbad40b54f26ab28e8cb32c4baf4186d94a5538f3d93d24af
                                                                                                                                                                              • Opcode Fuzzy Hash: fd00548e3dac34cefb180921e52026ee50ff0916b6da731accb3eff4b635f476
                                                                                                                                                                              • Instruction Fuzzy Hash: 079128736082115BC710CF74D892B6BB3F9EFC5324F4485AED9498B1A1EB399509C7D2
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: %s.%s$%s.rowid$5
                                                                                                                                                                              • API String ID: 2102423945-2959728198
                                                                                                                                                                              • Opcode ID: 1e23c7459acf25c206179cb1ba1b1e9c0357801b739844be01368efd241fd4b0
                                                                                                                                                                              • Instruction ID: eab30a7f2977f9b1775755f7dd9d3fbd76d8f0fbf691a4b0144665ef31bd4d6c
                                                                                                                                                                              • Opcode Fuzzy Hash: 1e23c7459acf25c206179cb1ba1b1e9c0357801b739844be01368efd241fd4b0
                                                                                                                                                                              • Instruction Fuzzy Hash: 3A439D76A047428FD714CF18C480A6BBBF1FF89304F1589ADE4998B362D739E985CB52
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,00000001), ref: 6BF72429
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,00000000), ref: 6BF7243E
                                                                                                                                                                              • SIb50fc3839c421869.SQLITE.INTEROP(?,00000000,00000000), ref: 6BF7247B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I353770fd94e573c1.$Ib50fc3839c421869.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3315215020-0
                                                                                                                                                                              • Opcode ID: 82e66b07f8f1f42075d69b9dcd358672181e01ab23afcd67858fe95efe0179d0
                                                                                                                                                                              • Instruction ID: 31e1fdd7ca78ceacd32233a36802a0ce7acb6b4ac9185b57f64f3999c578f97c
                                                                                                                                                                              • Opcode Fuzzy Hash: 82e66b07f8f1f42075d69b9dcd358672181e01ab23afcd67858fe95efe0179d0
                                                                                                                                                                              • Instruction Fuzzy Hash: 40B18C77E082454BC720DE2CF890696B7E6DBC7324F5445FFE899873A2D62BD8028791
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF34043
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF340E7
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF34101
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF341D8
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF341F2
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF3420B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2940838516-0
                                                                                                                                                                              • Opcode ID: 5d84e1222ecdb37e0702b4a348a14c4ff4bc6320aaf019eb526eb5b2b80e0cab
                                                                                                                                                                              • Instruction ID: ebd20f077b8807e5f42124aa086de4614612caa7ccf4d5d1763e7755396e96c2
                                                                                                                                                                              • Opcode Fuzzy Hash: 5d84e1222ecdb37e0702b4a348a14c4ff4bc6320aaf019eb526eb5b2b80e0cab
                                                                                                                                                                              • Instruction Fuzzy Hash: 1F814EB2A04B059FD718CF39C8816ABB7F6EF95304F14C96DE86DC7260E73699018B90
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @$DELETE$rows deleted
                                                                                                                                                                              • API String ID: 0-1818571773
                                                                                                                                                                              • Opcode ID: d7b11a3a55ced1f8127bb25d170696d5d4f9f5d255ce0e64972149695c3a6ed1
                                                                                                                                                                              • Instruction ID: f071b581a2e55118244b565a9619207dc8c174bf4cf06c4f32fd0bf2ed421de6
                                                                                                                                                                              • Opcode Fuzzy Hash: d7b11a3a55ced1f8127bb25d170696d5d4f9f5d255ce0e64972149695c3a6ed1
                                                                                                                                                                              • Instruction Fuzzy Hash: 27927EB2A087019FD314CF29C881A2AB7F5FF89714F08895DF8588B361D779E945CB92
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset$_memmove
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 2532777613-2766056989
                                                                                                                                                                              • Opcode ID: 65fdfa7107798056039c54ed98fbff195faeba9c6117e3c5640521860f8a1250
                                                                                                                                                                              • Instruction ID: 4f7e3839a702caf2242af6bd5928a959590c37f1321ba5cad2bf05af99dccac3
                                                                                                                                                                              • Opcode Fuzzy Hash: 65fdfa7107798056039c54ed98fbff195faeba9c6117e3c5640521860f8a1250
                                                                                                                                                                              • Instruction Fuzzy Hash: 1BF1187250D7A19BC711DF3890907EBBBE0AF99218F440D9DE8D907242C638E64DCBA7
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF76EF8
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID: d$null
                                                                                                                                                                              • API String ID: 372259789-308889208
                                                                                                                                                                              • Opcode ID: af15bcfa4e3c454538b2afba2afe45c817f90fbf711c2067a0ad9b07a6dc48eb
                                                                                                                                                                              • Instruction ID: 6c8168c927ad6213744d1b17266e8fa77e676274b6625fb4803ab6d11416e25f
                                                                                                                                                                              • Opcode Fuzzy Hash: af15bcfa4e3c454538b2afba2afe45c817f90fbf711c2067a0ad9b07a6dc48eb
                                                                                                                                                                              • Instruction Fuzzy Hash: DFD1D373608341ABD710DF24E481A5BB3E1BFC9718F0449AEF88997261E739E905CB93
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: BBB$sqlite\_%$sqlite_stat1
                                                                                                                                                                              • API String ID: 0-480565516
                                                                                                                                                                              • Opcode ID: c66551cd6351d34ad80b62e5ff9694ab42c0a5a7f29ad16c776c7355fb88afef
                                                                                                                                                                              • Instruction ID: 741833919d88d7db2ff220ffa7f979cd7f42fb0d76c411df1da3fba3b569e8a4
                                                                                                                                                                              • Opcode Fuzzy Hash: c66551cd6351d34ad80b62e5ff9694ab42c0a5a7f29ad16c776c7355fb88afef
                                                                                                                                                                              • Instruction Fuzzy Hash: 83E26872A04202DFD708CF28D480E26BBF5FF89304F4585ADE4598B362E7B5E956CB91
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: 20c:20e
                                                                                                                                                                              • API String ID: 0-580905770
                                                                                                                                                                              • Opcode ID: 2983d9233df8234fa32f5d0f31af6fde5e751908d1f4326bf606b6e61e916046
                                                                                                                                                                              • Instruction ID: 71057193c539472b33de15d0509984b0f878460bcd21e35d61819659b73ae91f
                                                                                                                                                                              • Opcode Fuzzy Hash: 2983d9233df8234fa32f5d0f31af6fde5e751908d1f4326bf606b6e61e916046
                                                                                                                                                                              • Instruction Fuzzy Hash: 54837E75D016288FEB18CF96C980ADEF7B2BF8C310F5681AAC55977255C7706A82CF90
                                                                                                                                                                              APIs
                                                                                                                                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000,00000000,?,6BFEF9DC,00000000,CryptAcquireContext failed, code=%lu,00000000), ref: 6BF21A5A
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,00000000,?,6BFEF9DC,00000000,CryptAcquireContext failed, code=%lu,00000000), ref: 6BF21A67
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ContextCryptIaa0f8e0c251cfd1d.Release
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3500827864-0
                                                                                                                                                                              • Opcode ID: 82c24148c0dd2d22d9d47ec0f57389236221a180b3e8792d6eca9361be68f955
                                                                                                                                                                              • Instruction ID: 93690417d9a22399c8bb93d8d8857c58c82d1a5fc7610542079fb7d887575b0d
                                                                                                                                                                              • Opcode Fuzzy Hash: 82c24148c0dd2d22d9d47ec0f57389236221a180b3e8792d6eca9361be68f955
                                                                                                                                                                              • Instruction Fuzzy Hash: FBE08C72A0122457EE205E94D801B46B3AC9F01F54F000058E84897250D77AF7808AE9
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              • Opcode ID: 03a61a110edac44fbb8759d30150ba9e3a91058bf2e5d25d2fcebd7dbb3505bf
                                                                                                                                                                              • Instruction ID: 07ba72b74740cbc4d1e5b3c89ed0e45c6ed831ee2f433ab75904d77e16a4b292
                                                                                                                                                                              • Opcode Fuzzy Hash: 03a61a110edac44fbb8759d30150ba9e3a91058bf2e5d25d2fcebd7dbb3505bf
                                                                                                                                                                              • Instruction Fuzzy Hash: 03C29CB2A08202CFD714CF28C480957B7F5FF89318F14859EE8498B362D775E996CB92
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: a38e03fb30e7123af0a01744826097bb6a22b4424cb1476540da849b545acbed
                                                                                                                                                                              • Instruction ID: 3d3be2ca343d1d3ed008d35aabe6ce45a0f4f1ce0fc0f54ea6ed6828f325080f
                                                                                                                                                                              • Opcode Fuzzy Hash: a38e03fb30e7123af0a01744826097bb6a22b4424cb1476540da849b545acbed
                                                                                                                                                                              • Instruction Fuzzy Hash: 5E320721E69F414DE7239934C922325A7ADAFB73D8F21D737E819B5E96EF29C4834100
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: sqlite_stat1
                                                                                                                                                                              • API String ID: 2102423945-692927832
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2102423945-0
                                                                                                                                                                              Strings
                                                                                                                                                                              • generated column loop on "%s", xrefs: 6BF988A2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: generated column loop on "%s"
                                                                                                                                                                              • API String ID: 0-1629069433
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: N@
                                                                                                                                                                              • API String ID: 0-1509896676
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1771673921.0000000006012000.00000002.00000001.01000000.00000007.sdmp, Offset: 06010000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6010000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 59bf1b7fb39f44e8b974332afb321922848b8bb0d943825eb9d58399eb41c13f
                                                                                                                                                                              • Instruction ID: 4af29b66539737e60f3c8f09cd7cd584dd2b2ee2b14271cc27d742c8451f7c0e
                                                                                                                                                                              • Opcode Fuzzy Hash: 59bf1b7fb39f44e8b974332afb321922848b8bb0d943825eb9d58399eb41c13f
                                                                                                                                                                              • Instruction Fuzzy Hash: 29726D6144E3C25FC7634B749CB56E1BFB0EE5720471E49CBD4C18F0A3E2286A9AD762
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 81eb14218c518ca962929d134cc9a6f0b98d8c55b596c8b52acfd984774bfef2
                                                                                                                                                                              • Instruction ID: 3bd85ca4821bb3eed3c4676b23d28d72c0aec1d46d0bc2594d30084d6dc43bbe
                                                                                                                                                                              • Opcode Fuzzy Hash: 81eb14218c518ca962929d134cc9a6f0b98d8c55b596c8b52acfd984774bfef2
                                                                                                                                                                              • Instruction Fuzzy Hash: 50828D76A047428FD314CF19C480A66B7F1FF89344F15899EE8998B762E739E906CF90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 0a74a797eb1f97c98e2e63a0f01201ce76369ba6c078dc36870e6fbaa0218f4e
                                                                                                                                                                              • Instruction ID: 9b1e0b11c5f7c422c43f62f23695f63d9a7951d48c17944efeada70d8bbea684
                                                                                                                                                                              • Opcode Fuzzy Hash: 0a74a797eb1f97c98e2e63a0f01201ce76369ba6c078dc36870e6fbaa0218f4e
                                                                                                                                                                              • Instruction Fuzzy Hash: 1C62303AE51662ABDF04CF9DD8C06697372FB8B310F6A4175CB1027656CA38BA11DBC4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 7af472f02571a68b804a5bd436fa35ec48448a7c9ba42dccad2cce14d28e6305
                                                                                                                                                                              • Instruction ID: 08dd2d591e22c668b495d0c3737996b5763676f899a28e8920a46f4ef290d5cd
                                                                                                                                                                              • Opcode Fuzzy Hash: 7af472f02571a68b804a5bd436fa35ec48448a7c9ba42dccad2cce14d28e6305
                                                                                                                                                                              • Instruction Fuzzy Hash: E9F19D63E086805FD31A8A38C8953E57BA3DFB2311F19C6A9E4B54B7E7E13D8518C391
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5b5698d641596c2a766c4ef72deac0cd651065908d9f26683dc9d7605ca700a1
                                                                                                                                                                              • Instruction ID: 3e1a9b55d5651f66c580b1acd283cd4b8806265dbab71e83ca466045fe16e67f
                                                                                                                                                                              • Opcode Fuzzy Hash: 5b5698d641596c2a766c4ef72deac0cd651065908d9f26683dc9d7605ca700a1
                                                                                                                                                                              • Instruction Fuzzy Hash: A202D272A143628FC714CF28C480656BBE2FF88314F2485A9E858CB365E339ED55CBE1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8429b3073d79167dcea11961830e0d4869161ae7b1f262689385717c42da11ab
                                                                                                                                                                              • Instruction ID: 963ae50a2b21d69367839f42d972736a8f38898523cc88b042bba9c532747118
                                                                                                                                                                              • Opcode Fuzzy Hash: 8429b3073d79167dcea11961830e0d4869161ae7b1f262689385717c42da11ab
                                                                                                                                                                              • Instruction Fuzzy Hash: AE0249B2A04B018FD328CF29D485A52B7E1FF89304F15C9AED4498B762E7B5E915CF84
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: feffff20ee9cb0c13020068f74efc5c8f02f3067ca5bfa4f39ee9b7a1919ae94
                                                                                                                                                                              • Instruction ID: ae8721844741f57b5ea5d4719a7b26342f5bc682630e90996e72c428ebb192d8
                                                                                                                                                                              • Opcode Fuzzy Hash: feffff20ee9cb0c13020068f74efc5c8f02f3067ca5bfa4f39ee9b7a1919ae94
                                                                                                                                                                              • Instruction Fuzzy Hash: 0EE1BF73D04259DFCB01CFE8C5806DDBBF1EF4A324F2542A9E864A73A1D739590A8B90
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF65DA
                                                                                                                                                                              • __mtterm.LIBCMT ref: 6BEF65E6
                                                                                                                                                                                • Part of subcall function 6BEF62B1: DecodePointer.KERNEL32(0000000D,6BEF32A5,6BEF328B,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF62C2
                                                                                                                                                                                • Part of subcall function 6BEF62B1: TlsFree.KERNEL32(00000026,6BEF32A5,6BEF328B,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF62DC
                                                                                                                                                                                • Part of subcall function 6BEF62B1: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6BEF32A5,6BEF328B,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEFC08F
                                                                                                                                                                                • Part of subcall function 6BEF62B1: _free.LIBCMT ref: 6BEFC092
                                                                                                                                                                                • Part of subcall function 6BEF62B1: DeleteCriticalSection.KERNEL32(00000026,?,?,6BEF32A5,6BEF328B,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEFC0B9
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6BEF65FC
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6BEF6609
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6BEF6616
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6BEF6623
                                                                                                                                                                              • TlsAlloc.KERNEL32(?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF6673
                                                                                                                                                                              • TlsSetValue.KERNEL32(00000000,?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF668E
                                                                                                                                                                              • __init_pointers.LIBCMT ref: 6BEF6698
                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF66A9
                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF66B6
                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF66C3
                                                                                                                                                                              • EncodePointer.KERNEL32(?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF66D0
                                                                                                                                                                              • DecodePointer.KERNEL32(Function_00006435,?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF66F1
                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 6BEF6706
                                                                                                                                                                              • DecodePointer.KERNEL32(00000000,?,?,6BEF31E2,6C031440,00000008,6BEF3376,?,?,?,6C031460,0000000C,6BEF3431,?), ref: 6BEF6720
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 6BEF6732
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                              • API String ID: 3698121176-3819984048
                                                                                                                                                                              • Opcode ID: d54a9f351a4d34010078ab5c2fbe3c95ed6ba793403f2ccdf871ab4aad4247e6
                                                                                                                                                                              • Instruction ID: 8eba581cd1883f40aa56d7a7e30f8599c6803a903bc7bb065e020830a50be471
                                                                                                                                                                              • Opcode Fuzzy Hash: d54a9f351a4d34010078ab5c2fbe3c95ed6ba793403f2ccdf871ab4aad4247e6
                                                                                                                                                                              • Instruction Fuzzy Hash: 90317A31B043129FEF21AFB5E90CA563EFDEB47624721462AE459932D0EF388112DF50
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF88ECA
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF88F13
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF88F3B
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF88F44
                                                                                                                                                                                • Part of subcall function 6BF84220: SI769271af19a2299d.SQLITE.INTEROP(?,os_win.c:%d: (%lu) %s(%s) - %s,?,?,?,?,00000000), ref: 6BF842AB
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF88F74
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF8906C
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,6C027148,00000000), ref: 6BF8909C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$I769271af19a2299d.
                                                                                                                                                                              • String ID: %s%c%s$/$?$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                                                                                                                                              • API String ID: 554379481-471428565
                                                                                                                                                                              • Opcode ID: 703198039e4343b3007d30650c79237200e41644ec67f56accf770cc5dc867a2
                                                                                                                                                                              • Instruction ID: 8200b924984a3d4d6bfc3644f2561b279d5658fa6c7722792dfa55d4f0e9ea8a
                                                                                                                                                                              • Opcode Fuzzy Hash: 703198039e4343b3007d30650c79237200e41644ec67f56accf770cc5dc867a2
                                                                                                                                                                              • Instruction Fuzzy Hash: 3F612A77F0521227EB1056B4AC46B7F77B99B8222DF0441B9FD0DCB261EB3ED90542A2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI5b4aedd0c04bd151.SQLITE.INTEROP ref: 6BF63B00
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP ref: 6BF63B12
                                                                                                                                                                              • SI5b4aedd0c04bd151.SQLITE.INTEROP ref: 6BF63B65
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP ref: 6BF63B77
                                                                                                                                                                              • SI5b4aedd0c04bd151.SQLITE.INTEROP ref: 6BF63BC3
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP ref: 6BF63BD5
                                                                                                                                                                              • SI5b4aedd0c04bd151.SQLITE.INTEROP ref: 6BF63C30
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP ref: 6BF63C3E
                                                                                                                                                                              • SI5b4aedd0c04bd151.SQLITE.INTEROP ref: 6BF63C95
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP ref: 6BF63CA7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I5b4aedd0c04bd151.I5b914c29cf5a7984.
                                                                                                                                                                              • String ID: automerge$crisismerge$hashsize$pgsz$rank$usermerge
                                                                                                                                                                              • API String ID: 199341400-4069215817
                                                                                                                                                                              • Opcode ID: 7f365c65b74a53e92fa939d891dc20a003d6ea06d8f57d1dd95cae33237143d0
                                                                                                                                                                              • Instruction ID: 943251b56b94c8a6b4d2c8afa5e0c566e701d405ee95a4560cabb8832d790893
                                                                                                                                                                              • Opcode Fuzzy Hash: 7f365c65b74a53e92fa939d891dc20a003d6ea06d8f57d1dd95cae33237143d0
                                                                                                                                                                              • Instruction Fuzzy Hash: FC7126B3D041155BDB20CA7C99815AE7BF8EF42359F1005EAEC59DB222F63DEA1097C1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF7BB24
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015D19,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7BBF9
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015D19,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7BC2C
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015D19,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7BC5F
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015D19,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7BC92
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015D19,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7BCC5
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015D19,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7BD4F
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL), ref: 6BF7BDF6
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015D01,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7BE14
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.$_memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$invalid$misuse$unopened
                                                                                                                                                                              • API String ID: 3073774149-857223478
                                                                                                                                                                              • Opcode ID: d604dceaeebd06a49401a396a3ea1b94787c87e7f41757fc9a778485bf4257ed
                                                                                                                                                                              • Instruction ID: 34971046806120fcb2e91669c555d55ff63a351c196a12996b833096ac50612f
                                                                                                                                                                              • Opcode Fuzzy Hash: d604dceaeebd06a49401a396a3ea1b94787c87e7f41757fc9a778485bf4257ed
                                                                                                                                                                              • Instruction Fuzzy Hash: 17B1C576A04B029BD720AF38A855F4777E0AF45709F004DBAED6D9B323E778E5008B91
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(not authorized,?,?), ref: 6BF7D918
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(%s.%s,?,00000000), ref: 6BF7D97F
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF7D9A3
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(error during initialization: %s,?), ref: 6BF7DD08
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF7DD17
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF7DD65
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Idb45e174afb28e2c.$Iaa0f8e0c251cfd1d.$_memset
                                                                                                                                                                              • String ID: %s.%s$_init$error during initialization: %s$lib$no entry point [%s] in shared library [%s]$not authorized$sqlite3_$unable to open shared library [%.*s]
                                                                                                                                                                              • API String ID: 1491502024-2763346821
                                                                                                                                                                              • Opcode ID: 0680ae5639078bdb398740cef9ed9fb90ce8e229d03740c026bc82e4dcf9d8ab
                                                                                                                                                                              • Instruction ID: 1e84fcb20826f9c3d81c0e62fba5440bf4ee2c8ed3f7201356d8b464e5b1b209
                                                                                                                                                                              • Opcode Fuzzy Hash: 0680ae5639078bdb398740cef9ed9fb90ce8e229d03740c026bc82e4dcf9d8ab
                                                                                                                                                                              • Instruction Fuzzy Hash: 08E1E5B66442025BD720DF68E885A5B77E4FF89318F4445BAEC4CD7321EB38D905CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIc14fb8a21feb2e94.SQLITE.INTEROP(?,SAVEPOINT changeset,00000000,00000000,00000000), ref: 6BFF2898
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BFF28CD
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?), ref: 6BFF2A68
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.Ia364946505687432.Ic14fb8a21feb2e94.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$RELEASE changeset$SAVEPOINT changeset$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2646806474-2422101649
                                                                                                                                                                              • Opcode ID: dd4dfdfa4d6720d23959b07e16c7800ef4a47d903dccca579629bfa376935bef
                                                                                                                                                                              • Instruction ID: 3e14233bb1996110909235299852178ec600b4ceeaac33379a0755739345b221
                                                                                                                                                                              • Opcode Fuzzy Hash: dd4dfdfa4d6720d23959b07e16c7800ef4a47d903dccca579629bfa376935bef
                                                                                                                                                                              • Instruction Fuzzy Hash: ABD16EB29083819BC711CF68C88195BB7F9AFC8754F04496DF9859B331D776E902CB92
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI5b4aedd0c04bd151.SQLITE.INTEROP(?), ref: 6BF5E2A3
                                                                                                                                                                              • SI905dcc543d48caab.SQLITE.INTEROP(?,1st argument to percentile() is not numeric,000000FF), ref: 6BF5E377
                                                                                                                                                                              • SI905dcc543d48caab.SQLITE.INTEROP(?,2nd argument to percentile() is not the same for all input rows,000000FF), ref: 6BF5E3B6
                                                                                                                                                                              • SI94ecb64e9dbb8338.SQLITE.INTEROP ref: 6BF5E3C6
                                                                                                                                                                              • SI905dcc543d48caab.SQLITE.INTEROP(?,Inf input to percentile(),000000FF), ref: 6BF5E3E9
                                                                                                                                                                              • SIf0a08171cb5be57f.SQLITE.INTEROP(?,00000000,00000000), ref: 6BF5E416
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF5E426
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP(?), ref: 6BF5E445
                                                                                                                                                                              Strings
                                                                                                                                                                              • 2nd argument to percentile() is not a number between 0.0 and 100.0, xrefs: 6BF5E486
                                                                                                                                                                              • 1st argument to percentile() is not numeric, xrefs: 6BF5E371
                                                                                                                                                                              • Inf input to percentile(), xrefs: 6BF5E3E3
                                                                                                                                                                              • 2nd argument to percentile() is not the same for all input rows, xrefs: 6BF5E3B0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I905dcc543d48caab.$I1bf8975e567ea97a.I5b4aedd0c04bd151.I94ecb64e9dbb8338.Iaa0f8e0c251cfd1d.If0a08171cb5be57f.
                                                                                                                                                                              • String ID: 1st argument to percentile() is not numeric$2nd argument to percentile() is not a number between 0.0 and 100.0$2nd argument to percentile() is not the same for all input rows$Inf input to percentile()
                                                                                                                                                                              • API String ID: 908108584-2567114664
                                                                                                                                                                              • Opcode ID: 0efdbbeccaadc0ba4670f895086f4cdccaa3d29e280d93319130e2cebc896b9f
                                                                                                                                                                              • Instruction ID: ac36b5d2212f24a1f1e195f63b251abca023ab24d05ce65818f929d141cfe27b
                                                                                                                                                                              • Opcode Fuzzy Hash: 0efdbbeccaadc0ba4670f895086f4cdccaa3d29e280d93319130e2cebc896b9f
                                                                                                                                                                              • Instruction Fuzzy Hash: A8513AB7A00606A7CB009F28E841755B7B4FB95369F1007E6E86D836B0EB39E475C7D1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000110DE,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74E0D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: 0f80178bed654cec52ec53d7d487988e7765616f7f037ebcae3c09bdbd5ed157
                                                                                                                                                                              • Instruction ID: e156d5d3083d434e8d3cf7d581d03f31b28038d03dedcf8c4c004aa949a459f4
                                                                                                                                                                              • Opcode Fuzzy Hash: 0f80178bed654cec52ec53d7d487988e7765616f7f037ebcae3c09bdbd5ed157
                                                                                                                                                                              • Instruction Fuzzy Hash: 25C15832A042545BCB20CFADD881AEDBBB1EF84315F1480FAE9199B352D639D641CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A233,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF72CCA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$create$end$explain$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse$temp$temporary$trigger
                                                                                                                                                                              • API String ID: 2981141233-3036811575
                                                                                                                                                                              • Opcode ID: 5cfd62d10cd5b5d88e72d1c87fac9e569a946ae8dfee5fd26db905d5df05e4e5
                                                                                                                                                                              • Instruction ID: 7d2a5e737d31dfd6b74db525f1a561c853a01ccae59e6112939ac2b0b5c7978e
                                                                                                                                                                              • Opcode Fuzzy Hash: 5cfd62d10cd5b5d88e72d1c87fac9e569a946ae8dfee5fd26db905d5df05e4e5
                                                                                                                                                                              • Instruction Fuzzy Hash: F2513A63E0C29155D7316A247804FAABBF18F53319F0408FBDCE997562E22F914F96A1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7CB0A
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,unopened), ref: 6BF7CC4E
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7CC6C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$invalid$misuse$unopened
                                                                                                                                                                              • API String ID: 2981141233-857223478
                                                                                                                                                                              • Opcode ID: 0d99a70ef5cc5c6f8af1feeae8648f177614816610ec454f88c275c23a572294
                                                                                                                                                                              • Instruction ID: 2c797c843004156b39ab9ad935c7d9e38fb9945cc9ac4c9431f6b14d30341ab6
                                                                                                                                                                              • Opcode Fuzzy Hash: 0d99a70ef5cc5c6f8af1feeae8648f177614816610ec454f88c275c23a572294
                                                                                                                                                                              • Instruction Fuzzy Hash: 335105B3A046119BC720EF3CA805B0777E4AB45B18F0045FAE85DDB261E739E9048B91
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7C87E
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,unopened), ref: 6BF7C8E6
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7C904
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$invalid$misuse$unopened
                                                                                                                                                                              • API String ID: 2981141233-857223478
                                                                                                                                                                              • Opcode ID: 22623b598a1793692d008e81d161a8f5b84d7006d9650af3d6cc9558e2907810
                                                                                                                                                                              • Instruction ID: 1f6e3c89dbee16868518dbe307bd7a059c864b1ae7efab713662f365032110b2
                                                                                                                                                                              • Opcode Fuzzy Hash: 22623b598a1793692d008e81d161a8f5b84d7006d9650af3d6cc9558e2907810
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B21F337B9421577DB207579BC42F4337E9AF81B1AB0500F7EA1DEB662FA2CD8044692
                                                                                                                                                                              APIs
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(invalid ICLRRuntimeHost pointer.,00000000,?), ref: 6BF18878
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF1888D
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(?), ref: 6BF188B8
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(invalid ICLRRuntimeHost.,00000000,?), ref: 6BF188DD
                                                                                                                                                                              • OutputDebugStringA.KERNEL32(done with cleanup.), ref: 6BF188F5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DebugOutputString$_memset
                                                                                                                                                                              • String ID: <unknown>$done with cleanup.$eeeSdk1: %s HRESULT 0x%016X$invalid ICLRRuntimeHost pointer.$invalid ICLRRuntimeHost.
                                                                                                                                                                              • API String ID: 4043698622-3439405060
                                                                                                                                                                              • Opcode ID: 197eec14988fe2e5a1fc8b5a53c464b8a77e661b9e7b2bd55bd92587df995760
                                                                                                                                                                              • Instruction ID: 5d2d770af96220ca2d503a088f34084df2b771f8544953e94529e1f232657968
                                                                                                                                                                              • Opcode Fuzzy Hash: 197eec14988fe2e5a1fc8b5a53c464b8a77e661b9e7b2bd55bd92587df995760
                                                                                                                                                                              • Instruction Fuzzy Hash: 8E11E732F44218A7C710EBB5CC41AADB3BDAF89721F51459DEA0897240DB39AD019BD1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI8c5d6a3d79dd16ae.SQLITE.INTEROP(?,?,00000001,?,?,?), ref: 6BFE1ACD
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?,?,?,?,00000000,00000000,?,?,?,?,00000000,00000000,6BFFE566), ref: 6BFE1AE1
                                                                                                                                                                              • SI06ad3f4f233fab5b.SQLITE.INTEROP(00000000,?,?,?,?,?,00000000,00000000,?,?,?,?,00000000,00000000,6BFFE566), ref: 6BFE1AFE
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?,?,?,?,00000000,00000000,?,?,?,?,00000000,00000000,6BFFE566), ref: 6BFE1CAA
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A76F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 6BFE1CE7
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BFE1CE0
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BFE1CD1
                                                                                                                                                                              • misuse, xrefs: 6BFE1CDB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Ia364946505687432.$I06ad3f4f233fab5b.I769271af19a2299d.I8c5d6a3d79dd16ae.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 973435178-160653349
                                                                                                                                                                              • Opcode ID: ad4c7d16b8161525c8566a48c3b7dc254dafe330fa9fd11dc995282aa3ff7660
                                                                                                                                                                              • Instruction ID: a1fbb61f5e0a8ce4779ef1e0d4aee4aa3b7ad0192c9b46ea3c776d628c93f18a
                                                                                                                                                                              • Opcode Fuzzy Hash: ad4c7d16b8161525c8566a48c3b7dc254dafe330fa9fd11dc995282aa3ff7660
                                                                                                                                                                              • Instruction Fuzzy Hash: 57C1C477704216ABD710CF2AD881B7B73A9EB84718F044569ED088B261E739EE47C7B1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6C001FD9
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6C0021E5
                                                                                                                                                                                • Part of subcall function 6BFEB710: SIdb45e174afb28e2c.SQLITE.INTEROP(PRAGMA '%q'.table_info('%q'),?,?,00000000,00000000,?,?,?,?,00000000,?,?), ref: 6BFEB734
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6C002121
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(table schemas do not match), ref: 6C00213C
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6C00222F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.$Iaa0f8e0c251cfd1d.Idb45e174afb28e2c.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse$table schemas do not match
                                                                                                                                                                              • API String ID: 2647412588-4182254272
                                                                                                                                                                              • Opcode ID: ecd417ae1e80923608cc8579dcb56871e40e9017993e0e71b121271ca8f05780
                                                                                                                                                                              • Instruction ID: 2099aa4e7c9812a74112a6574d27291dea92528bc7b98899eb93ad6dc3d5e42b
                                                                                                                                                                              • Opcode Fuzzy Hash: ecd417ae1e80923608cc8579dcb56871e40e9017993e0e71b121271ca8f05780
                                                                                                                                                                              • Instruction Fuzzy Hash: C091CFB26043019FD700CF69D885B5BB7E5AFC8708F15492CFA5987712E775E901CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,unopened), ref: 6BF7CD86
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000247DF,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7CDA4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$invalid$misuse$unopened
                                                                                                                                                                              • API String ID: 2981141233-857223478
                                                                                                                                                                              • Opcode ID: c39b601a635a02c42b2963604277afe1c8b92f29fd84c6a219c4a3b169f9c759
                                                                                                                                                                              • Instruction ID: 4c61a6a9b0758caca5533eb2f2c11bd7af739ba11cc6653817c351f503381a54
                                                                                                                                                                              • Opcode Fuzzy Hash: c39b601a635a02c42b2963604277afe1c8b92f29fd84c6a219c4a3b169f9c759
                                                                                                                                                                              • Instruction Fuzzy Hash: 7C213B73B442046BDB34BA68AC01F5B3BA99B42B49F0004FBE52DEB662E67CD9114391
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIe969e8d8137a8a33.SQLITE.INTEROP ref: 6BF67B56
                                                                                                                                                                              • SI94ecb64e9dbb8338.SQLITE.INTEROP ref: 6BF67B84
                                                                                                                                                                              • SId95bb14c42234d8e.SQLITE.INTEROP(?), ref: 6BF67B93
                                                                                                                                                                              • SI28687b581b626bbf.SQLITE.INTEROP(?), ref: 6BF67BA6
                                                                                                                                                                              • SId95bb14c42234d8e.SQLITE.INTEROP(?), ref: 6BF67BE5
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP ref: 6BF67BF8
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(00000000), ref: 6BF67C13
                                                                                                                                                                              • SId95bb14c42234d8e.SQLITE.INTEROP(?), ref: 6BF67C85
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP ref: 6BF67CAC
                                                                                                                                                                              • SId95bb14c42234d8e.SQLITE.INTEROP(?), ref: 6BF67D01
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Id95bb14c42234d8e.$I8b0d9e6837e61abc.$I28687b581b626bbf.I94ecb64e9dbb8338.Ie969e8d8137a8a33.Iffb8076c269e2a85.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1281124493-0
                                                                                                                                                                              • Opcode ID: 518b716daf971fe7538f4eab4ebfae44f081e9f6508daa8b1d79c8e1864e995b
                                                                                                                                                                              • Instruction ID: c81e9c2202fd1d21e5ce043240866ab11e9bd33c5d0832352fc41ec5b41bec21
                                                                                                                                                                              • Opcode Fuzzy Hash: 518b716daf971fe7538f4eab4ebfae44f081e9f6508daa8b1d79c8e1864e995b
                                                                                                                                                                              • Instruction Fuzzy Hash: 63514EBAD0120ADFCB04DFA4E9859EEBBB1BF49304F204568DC05A7360F735AA15CB91
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00005AFD,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF764CB
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF764C4
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF764B5
                                                                                                                                                                              • misuse, xrefs: 6BF764BF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 72d180e2aa1b8bad0ce6c4867956278e56adbf8496827817d54af7e5d0bcd2c8
                                                                                                                                                                              • Instruction ID: fba209522ded515480db30297747b110f4abe690b362cd977d73bccdf8e3a89d
                                                                                                                                                                              • Opcode Fuzzy Hash: 72d180e2aa1b8bad0ce6c4867956278e56adbf8496827817d54af7e5d0bcd2c8
                                                                                                                                                                              • Instruction Fuzzy Hash: B8D15AB2604702EFD724DF24E48075AB7F0BF44718F104AAAE8598B361D779E864CBD2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0001120D,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74A3A
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011208,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74A6C
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011238,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74BC3
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF74C38
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.$_memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 3073774149-2469029621
                                                                                                                                                                              • Opcode ID: 0191bf6949aaa2cc3c4c0dafcf3b6c84fe6dcdb1051494066a1b3f93a99ca3c0
                                                                                                                                                                              • Instruction ID: 0a91f2e600343e5091b6635bb34f7c63eebe92b7d1cfeb7372ddb2bd6c33a2c1
                                                                                                                                                                              • Opcode Fuzzy Hash: 0191bf6949aaa2cc3c4c0dafcf3b6c84fe6dcdb1051494066a1b3f93a99ca3c0
                                                                                                                                                                              • Instruction Fuzzy Hash: 89919932A0829517C714DA7EA4606FDBFE2DF91215F4881FBE89D87782D23EC651C7A0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIfc4b758a3d39aef3.SQLITE.INTEROP(?,?,?,?,?), ref: 6BF701C4
                                                                                                                                                                              • SI25d73a5ab4d6cacb.SQLITE.INTEROP ref: 6BF70208
                                                                                                                                                                              • SI25d73a5ab4d6cacb.SQLITE.INTEROP ref: 6BF70233
                                                                                                                                                                              • SI30455e90830ca460.SQLITE.INTEROP(?,?), ref: 6BF702B1
                                                                                                                                                                              • SI558bdfe0e27562ea.SQLITE.INTEROP(?,?), ref: 6BF702D3
                                                                                                                                                                              • SIfc4b758a3d39aef3.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?), ref: 6BF70574
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I25d73a5ab4d6cacb.Ifc4b758a3d39aef3.$I30455e90830ca460.I558bdfe0e27562ea.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 823083451-0
                                                                                                                                                                              • Opcode ID: 66a1f79bc59186d9670fa3ad84db39aa3650ac50302c2a3456e2bf4029cde799
                                                                                                                                                                              • Instruction ID: 3b8869cd5749f6b385ac382ac7789911f7efaf1a05ca0c72aa9b1f8c411ca7f3
                                                                                                                                                                              • Opcode Fuzzy Hash: 66a1f79bc59186d9670fa3ad84db39aa3650ac50302c2a3456e2bf4029cde799
                                                                                                                                                                              • Instruction Fuzzy Hash: 2AF1E9B29083518FC714DF34D890A1ABBF5AFC5304F0885AEF89997361D3B9D945CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,00000000,00000001,?,?), ref: 6BF39018
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF3907D
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF3908A
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF390A1
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF390AE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-0
                                                                                                                                                                              • Opcode ID: e5c3ced3fcf75afc06cf5c4663a2188c686c78d9e1dc7e322db68cb76d6cc32c
                                                                                                                                                                              • Instruction ID: 659fc54d8df4d9de94dff80eb924c05f01a6384c471080c4fff66e62e9d440e3
                                                                                                                                                                              • Opcode Fuzzy Hash: e5c3ced3fcf75afc06cf5c4663a2188c686c78d9e1dc7e322db68cb76d6cc32c
                                                                                                                                                                              • Instruction Fuzzy Hash: 148181B2A04322AFD700DF78D88155BB7F4BF88718F00862EF84993211EB35E5548BD6
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: DELETE$Expression tree is too large (maximum depth %d)$ORDER BY without LIMIT on %s
                                                                                                                                                                              • API String ID: 2102423945-20366875
                                                                                                                                                                              • Opcode ID: 51580840c7866bebb69263cae33e7e2e614eeceb95cc0b340c11f57fee89fc9f
                                                                                                                                                                              • Instruction ID: a7cc8e1b2e4f8c17c934b3c4a993ba3a0a4b80ae968a18c82533b630339a0cd0
                                                                                                                                                                              • Opcode Fuzzy Hash: 51580840c7866bebb69263cae33e7e2e614eeceb95cc0b340c11f57fee89fc9f
                                                                                                                                                                              • Instruction Fuzzy Hash: D9C11132A007119FE320DF28DC81B1B77E8AF95714F118A58F9599B3A2D738E945C7D1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI8c5d6a3d79dd16ae.SQLITE.INTEROP(?,00000001,00000000,00000000), ref: 6BF848AA
                                                                                                                                                                              • SI952d22c6db518ea2.SQLITE.INTEROP(?,00000001,?,?,?,?,?,?), ref: 6BF84924
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015BE4,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF84A7F
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF84A78
                                                                                                                                                                              • (, xrefs: 6BF84B08
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF84A69
                                                                                                                                                                              • misuse, xrefs: 6BF84A73
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.I8c5d6a3d79dd16ae.I952d22c6db518ea2.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$($fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 747483182-3128250811
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP ref: 6BF658C2
                                                                                                                                                                              • __aulldiv.LIBCMT ref: 6BF6598A
                                                                                                                                                                              • SIdace78b5300c999f.SQLITE.INTEROP(?), ref: 6BF65A10
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Idace78b5300c999f.Iffb8076c269e2a85.__aulldiv
                                                                                                                                                                              • String ID: %llu$%llu$%llu
                                                                                                                                                                              • API String ID: 1680873459-507185057
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00012842,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7FA8F
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF7FAAF
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF7FB3C
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF7FBAF
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF7FA83
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7FA88
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7FA79
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove$I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 1401880967-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF4454F
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF44558
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID: remove_diacritics=0$remove_diacritics=1$remove_diacritics=2$separators=$tokenchars=
                                                                                                                                                                              • API String ID: 372259789-131617836
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF74428
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00012773,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74475
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d._memmove
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 3148929312-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP ref: 6BF68336
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,?,000000FF), ref: 6BF68438
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF68441
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP(?), ref: 6BF68454
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF68461
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF6846E
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$I1bf8975e567ea97a.I8b0d9e6837e61abc.
                                                                                                                                                                              • String ID: domain error
                                                                                                                                                                              • API String ID: 2338593189-1959930803
                                                                                                                                                                              • Opcode ID: 7cf68f1c29abd1dbaa4d37610528de6b018290964d9ea62a29893fcafab1bff8
                                                                                                                                                                              • Instruction ID: fdad3edd0e4d1d6fe14822fde0a10168802a03d91df32d32fad095881db85a92
                                                                                                                                                                              • Opcode Fuzzy Hash: 7cf68f1c29abd1dbaa4d37610528de6b018290964d9ea62a29893fcafab1bff8
                                                                                                                                                                              • Instruction Fuzzy Hash: B55145B3A043525BC7008E789C4256B7394ABC23A8F148A7FED6987271F739D81587E2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011969,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,00000000,?), ref: 6BF80723
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: 67fe08ca1bf9649c84812068218fee22f11ba4fbdd3f44f075df155d87978e98
                                                                                                                                                                              • Instruction ID: 6547c252c580b547646d893b31297071785e67543bdd7ec2d22a89c5c1fe1346
                                                                                                                                                                              • Opcode Fuzzy Hash: 67fe08ca1bf9649c84812068218fee22f11ba4fbdd3f44f075df155d87978e98
                                                                                                                                                                              • Instruction Fuzzy Hash: B6511672A021066BC710DF79D885EAAB7F0FB44716F5045A5E90DDBA51E3B8E490CBD0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI94ecb64e9dbb8338.SQLITE.INTEROP ref: 6BF6A65D
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP ref: 6BF6A702
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP ref: 6BF6A70D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I8b0d9e6837e61abc.I94ecb64e9dbb8338.Iffb8076c269e2a85.
                                                                                                                                                                              • String ID: %!.15g$%!.20e$%lld$NULL
                                                                                                                                                                              • API String ID: 346610330-655469614
                                                                                                                                                                              • Opcode ID: f40cdba5c9e0a432bd00b909cd2514364ca22f071fb9eeeff29ec4ee0cf00618
                                                                                                                                                                              • Instruction ID: c8a2bc5693ab7c32e24f676cedb433437a777007f239212c79c9bc1bfc1c466f
                                                                                                                                                                              • Opcode Fuzzy Hash: f40cdba5c9e0a432bd00b909cd2514364ca22f071fb9eeeff29ec4ee0cf00618
                                                                                                                                                                              • Instruction Fuzzy Hash: 61419B77A045155BC710DB78A841A7AF3F8EF86218F000AEEDC5DC7A11FB3AA41583D2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIb50fc3839c421869.SQLITE.INTEROP(?,?,?,?,000000FF), ref: 6BF6226D
                                                                                                                                                                              • SIb50fc3839c421869.SQLITE.INTEROP(?,?,00000000,?,000000FF), ref: 6BF6228A
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,?,?,000000FF), ref: 6BF622C5
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,?), ref: 6BF622E3
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,?), ref: 6BF62301
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,?), ref: 6BF6231F
                                                                                                                                                                              • SIb50fc3839c421869.SQLITE.INTEROP(?,?,?), ref: 6BF6234E
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,?), ref: 6BF6236C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I353770fd94e573c1.$Ib50fc3839c421869.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3315215020-0
                                                                                                                                                                              • Opcode ID: 7d7d684f3ca794ea794f746a5b75eb11de33ca7799c41d6f9cdfe45b378b4f08
                                                                                                                                                                              • Instruction ID: b7981567e52b7ce5da54c0519b77b300e21f514f88f28cd263a4442791736c58
                                                                                                                                                                              • Opcode Fuzzy Hash: 7d7d684f3ca794ea794f746a5b75eb11de33ca7799c41d6f9cdfe45b378b4f08
                                                                                                                                                                              • Instruction Fuzzy Hash: F0519176B181046FC700DF68EC45EAA73E9EB89235F1482A5FD1CCB351E636D9118BD0
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF7AB22
                                                                                                                                                                              • SI9a326fe0ddbebf12.SQLITE.INTEROP(-00008000,00000000), ref: 6BF7AC39
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF7AC6C
                                                                                                                                                                              Strings
                                                                                                                                                                              • recovered %d frames from WAL file %s, xrefs: 6BF7AEAC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I9a326fe0ddbebf12.Unothrow_t@std@@@__ehfuncinfo$??2@_memset
                                                                                                                                                                              • String ID: recovered %d frames from WAL file %s
                                                                                                                                                                              • API String ID: 4193966855-1429783703
                                                                                                                                                                              • Opcode ID: 11cfde4814195874729128f3470e8c9507c0338591f1336bc3f5bf8c2b257476
                                                                                                                                                                              • Instruction ID: c85b0ea27226a25fd33b502fbff1dab2d7106de20a2f28288f1d1dbde9b9686a
                                                                                                                                                                              • Opcode Fuzzy Hash: 11cfde4814195874729128f3470e8c9507c0338591f1336bc3f5bf8c2b257476
                                                                                                                                                                              • Instruction Fuzzy Hash: 1FD19EB2E006059FD724DFA8D881B9EB7F5EF88304F1145AEE506AB360E778E941CB50
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF8450B
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF84555
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0003544F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF847E5
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF847D9
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF847DE
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF847CF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d._memmove_memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 1567147133-2469029621
                                                                                                                                                                              • Opcode ID: 37b99e59cf3759d6285f756f40686469d9e1fccbf1048e31f607ab63a33736a4
                                                                                                                                                                              • Instruction ID: 61f1f64289456ff367ff28e5f19783e7fda92745ed4259ede5587ef6561d7383
                                                                                                                                                                              • Opcode Fuzzy Hash: 37b99e59cf3759d6285f756f40686469d9e1fccbf1048e31f607ab63a33736a4
                                                                                                                                                                              • Instruction Fuzzy Hash: 4CD1AE77A042018BDB28CF28C8D575A77B9FF41319F1444EADC198F26AE77AD881CB91
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$_memmove_memset
                                                                                                                                                                              • String ID: "%w" $%Q%s
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011E43,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,?,?,?,?,6BF8B7A4,00000000,?,00000000,00000000), ref: 6BF80355
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011E52,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,?,?,?,?,6BF8B7A4,00000000,?,00000000,00000000), ref: 6BF803A1
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF42A44
                                                                                                                                                                                • Part of subcall function 6BFE5630: _memset.LIBCMT ref: 6BFE5737
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: L* N* Co$categories$remove_diacritics$separators$tokenchars
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI216a233b40cb7147.SQLITE.INTEROP(?,00000000), ref: 6BF6A2EF
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(?), ref: 6BF6A302
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(?), ref: 6BF6A32C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I8b0d9e6837e61abc.$I216a233b40cb7147.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF44C51
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF44CA2
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF44D99
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF44DC3
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF44DD0
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF44DF2
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF44E37
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002B224,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?), ref: 6BFE3038
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$BINARY$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse$no such table column: %s.%s
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(00000000), ref: 6BF6AF95
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(?,00000000), ref: 6BF6AFA2
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP(00000000), ref: 6BF6AFC2
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP(?,00000000), ref: 6BF6AFCD
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(00000000), ref: 6BF6B037
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(?), ref: 6BF6B06B
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP(?), ref: 6BF6B155
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I8b0d9e6837e61abc.$Iffb8076c269e2a85.$I1bf8975e567ea97a.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1260191962-0
                                                                                                                                                                              • Opcode ID: 7b2f1b9e7679dcd65b685edbf637d00d790b4ca363d9ca7114b24652b2ef9ea1
                                                                                                                                                                              • Instruction ID: 608d26f4e57d20748d95f3e8285676bc7791ac9ca35403bf4a5342236ae132b1
                                                                                                                                                                              • Opcode Fuzzy Hash: 7b2f1b9e7679dcd65b685edbf637d00d790b4ca363d9ca7114b24652b2ef9ea1
                                                                                                                                                                              • Instruction Fuzzy Hash: 0271B373A083015BD310CF38C99261BBBE5AF89684F144DADFC958B322F739D8418792
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF68AE4
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP(?), ref: 6BF68B62
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(?), ref: 6BF68B7C
                                                                                                                                                                              • SIdace78b5300c999f.SQLITE.INTEROP(?,00000007,00000000,000000FF), ref: 6BF68CEF
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I8b0d9e6837e61abc.Idace78b5300c999f.Iffb8076c269e2a85._memset
                                                                                                                                                                              • String ID: %g${%lld
                                                                                                                                                                              • API String ID: 3673669252-3707171336
                                                                                                                                                                              • Opcode ID: 924b2445a2097d8d47bad8e91278b38a9316901121dc61184c6b393b0c365cfa
                                                                                                                                                                              • Instruction ID: 73a3480ce123f4d8f69557fbe665c1ce8490f1e836012ddca77102430b9c1558
                                                                                                                                                                              • Opcode Fuzzy Hash: 924b2445a2097d8d47bad8e91278b38a9316901121dc61184c6b393b0c365cfa
                                                                                                                                                                              • Instruction Fuzzy Hash: D261C2B25093918FC710DB28888165BBBF1AF96348F044A6EECD987351F739E905CB92
                                                                                                                                                                              Strings
                                                                                                                                                                              • sqlite_stat1, xrefs: 6BFC01E4
                                                                                                                                                                              • SELECT idx,count(*) FROM %Q.sqlite_stat4 GROUP BY idx, xrefs: 6BFC02E9
                                                                                                                                                                              • SELECT tbl,idx,stat FROM %Q.sqlite_stat1, xrefs: 6BFC020B
                                                                                                                                                                              • sqlite_stat4, xrefs: 6BFC02CE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: SELECT idx,count(*) FROM %Q.sqlite_stat4 GROUP BY idx$SELECT tbl,idx,stat FROM %Q.sqlite_stat1$sqlite_stat1$sqlite_stat4
                                                                                                                                                                              • API String ID: 0-291810292
                                                                                                                                                                              • Opcode ID: cae6b4bd81251539bbae9196b54561d2ed95c3b873f98e2dd50810bfa561b254
                                                                                                                                                                              • Instruction ID: 953f66d155edf853f61b8f11dfdd4b39a29273393ed8883bdf3d701c2ba838c1
                                                                                                                                                                              • Opcode Fuzzy Hash: cae6b4bd81251539bbae9196b54561d2ed95c3b873f98e2dd50810bfa561b254
                                                                                                                                                                              • Instruction Fuzzy Hash: 247195B6E003179BDB01CF74C884BABB7B4BF45714F140195DC18A7261D778A992CBD6
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00012524,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF8015E
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: b62bfacca579af3835252bcf3db89e9988072da97976a4a43205889acd209cec
                                                                                                                                                                              • Instruction ID: 01e92516b897f7787eaf384cd2c01f12516ba029560821895a59d85ddba56189
                                                                                                                                                                              • Opcode Fuzzy Hash: b62bfacca579af3835252bcf3db89e9988072da97976a4a43205889acd209cec
                                                                                                                                                                              • Instruction Fuzzy Hash: 8F5111737042015BC301DE389885F5AB3F5EB88314F4144BEE90C9B662E7B9E8468BE2
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6C001E56
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6C001EC1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6C001F38
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.$_memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 3073774149-160653349
                                                                                                                                                                              • Opcode ID: 7c0fb7420c7bd15b07dba4e2c514fa748a0cdd74149d5f66148d3188c731228b
                                                                                                                                                                              • Instruction ID: e26a1cfc34e5d5e93da67a9d84b66bfbd6895e6115e6f533b2f739e1301a5d3e
                                                                                                                                                                              • Opcode Fuzzy Hash: 7c0fb7420c7bd15b07dba4e2c514fa748a0cdd74149d5f66148d3188c731228b
                                                                                                                                                                              • Instruction Fuzzy Hash: A64112B2700705ABE7108F799C06F8BB7E8AF4071DF004529EA1DCB611EB79E4118BD1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF72342
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF7235D
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP(?), ref: 6BF72392
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF7239F
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF723B8
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF723C9
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF723E2
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$I1bf8975e567ea97a.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: ,$7$9
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BFE1A50: SI8c5d6a3d79dd16ae.SQLITE.INTEROP(?,?,00000001,?,?,?), ref: 6BFE1ACD
                                                                                                                                                                                • Part of subcall function 6BFE1A50: SIa364946505687432.SQLITE.INTEROP(?,?,?,?,00000000,00000000,?,?,?,?,00000000,00000000,6BFFE566), ref: 6BFE1AE1
                                                                                                                                                                                • Part of subcall function 6BFE1A50: SI06ad3f4f233fab5b.SQLITE.INTEROP(00000000,?,?,?,?,?,00000000,00000000,?,?,?,?,00000000,00000000,6BFFE566), ref: 6BFE1AFE
                                                                                                                                                                              • SIc14fb8a21feb2e94.SQLITE.INTEROP(00000000,SAVEPOINT replace_op,00000000,00000000,00000000), ref: 6BFE249E
                                                                                                                                                                              • SI8c5d6a3d79dd16ae.SQLITE.INTEROP(?,?,00000001,00000000,00000000,?,?,?), ref: 6BFE24D3
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?), ref: 6BFE24E3
                                                                                                                                                                              • SIc14fb8a21feb2e94.SQLITE.INTEROP(00000000,RELEASE replace_op,00000000,00000000,00000000), ref: 6BFE251F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I8c5d6a3d79dd16ae.Ia364946505687432.Ic14fb8a21feb2e94.$I06ad3f4f233fab5b.
                                                                                                                                                                              • String ID: RELEASE replace_op$SAVEPOINT replace_op
                                                                                                                                                                              APIs
                                                                                                                                                                              • ___set_flsgetvalue.LIBCMT ref: 6BEF2495
                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 6BEF24A1
                                                                                                                                                                              • __getptd.LIBCMT ref: 6BEF24AE
                                                                                                                                                                              • CreateThread.KERNEL32(?,?,6BEF240B,00000000,?,?), ref: 6BEF24E5
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 6BEF24EF
                                                                                                                                                                              • _free.LIBCMT ref: 6BEF24F8
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 6BEF2503
                                                                                                                                                                                • Part of subcall function 6BEF2362: __getptd_noexit.LIBCMT ref: 6BEF2362
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AA20,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7CFA9
                                                                                                                                                                              • SIdbdaa654d0b26d40.SQLITE.INTEROP(?,6BF1AF80,?), ref: 6BF7CFC8
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7CFA2
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7CF93
                                                                                                                                                                              • misuse, xrefs: 6BF7CF9D
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.$Idbdaa654d0b26d40.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6C0314E0,00000008,6BEF63F6,00000000,00000000,?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C), ref: 6BEF62FF
                                                                                                                                                                              • __lock.LIBCMT ref: 6BEF6333
                                                                                                                                                                                • Part of subcall function 6BEFC1A2: __mtinitlocknum.LIBCMT ref: 6BEFC1B8
                                                                                                                                                                                • Part of subcall function 6BEFC1A2: __amsg_exit.LIBCMT ref: 6BEFC1C4
                                                                                                                                                                                • Part of subcall function 6BEFC1A2: EnterCriticalSection.KERNEL32(00000000,00000000,?,6BEF64C6,0000000D,6C031508,00000008,6BEF65BD,00000000,?,6BEF3311,00000000,6C031440,00000008,6BEF3376,?), ref: 6BEFC1CC
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(?), ref: 6BEF6340
                                                                                                                                                                              • __lock.LIBCMT ref: 6BEF6354
                                                                                                                                                                              • ___addlocaleref.LIBCMT ref: 6BEF6372
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                              • String ID: KERNEL32.DLL
                                                                                                                                                                              • API String ID: 637971194-2576044830
                                                                                                                                                                              • Opcode ID: 9ea6f4971cf3d92104865f935eb139779814e2d7519a2a29ae13be0b000b2b85
                                                                                                                                                                              • Instruction ID: 77ae29e4b577a947de874a90a6d83fb5fc5e156627adf299faadde4169d6872f
                                                                                                                                                                              • Opcode Fuzzy Hash: 9ea6f4971cf3d92104865f935eb139779814e2d7519a2a29ae13be0b000b2b85
                                                                                                                                                                              • Instruction Fuzzy Hash: 6101AD71904B00EFE7209FBAC406749FBF8AF41324F20890DD09A977A0CBB8A641CB14
                                                                                                                                                                              APIs
                                                                                                                                                                              • ___set_flsgetvalue.LIBCMT ref: 6BEF2411
                                                                                                                                                                                • Part of subcall function 6BEF6260: TlsGetValue.KERNEL32(00000000,6BEF63B9,?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C,6BEFC1BD,00000000,00000000), ref: 6BEF6269
                                                                                                                                                                                • Part of subcall function 6BEF6260: DecodePointer.KERNEL32(?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C,6BEFC1BD,00000000,00000000,?,6BEF64C6,0000000D), ref: 6BEF627B
                                                                                                                                                                                • Part of subcall function 6BEF6260: TlsSetValue.KERNEL32(00000000,?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C,6BEFC1BD,00000000,00000000,?,6BEF64C6), ref: 6BEF628A
                                                                                                                                                                              • ___fls_getvalue@4.LIBCMT ref: 6BEF241C
                                                                                                                                                                                • Part of subcall function 6BEF6240: TlsGetValue.KERNEL32(?,?,6BEF2421,00000000), ref: 6BEF624E
                                                                                                                                                                              • ___fls_setvalue@8.LIBCMT ref: 6BEF242F
                                                                                                                                                                                • Part of subcall function 6BEF6294: DecodePointer.KERNEL32(?,?,?,6BEF2434,00000000,?,00000000), ref: 6BEF62A5
                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 6BEF2438
                                                                                                                                                                              • ExitThread.KERNEL32 ref: 6BEF243F
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 6BEF2445
                                                                                                                                                                              • __freefls@4.LIBCMT ref: 6BEF2465
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2383549826-0
                                                                                                                                                                              • Opcode ID: a3bab17f1f9226e69917d0d20c8d6760bc010bc57088f01f6861e6b21c2cd181
                                                                                                                                                                              • Instruction ID: 57b58c5a23f24311463d8ffc880023108ed9dded63c263f5c887d352df23246c
                                                                                                                                                                              • Opcode Fuzzy Hash: a3bab17f1f9226e69917d0d20c8d6760bc010bc57088f01f6861e6b21c2cd181
                                                                                                                                                                              • Instruction Fuzzy Hash: 76F03074A04644AFD704AF71C50A84E7BBDAF9934C731C45CE9198B211EB3CD843DBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF45A38
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF45A98
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF45B4C
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,?,?), ref: 6BF45C00
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(0000000B,?,?,?), ref: 6BF45C5E
                                                                                                                                                                                • Part of subcall function 6BF2CC40: SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,?,6BF3D2C9,?,?,?,?,?,?), ref: 6BF2CC76
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,?,?,?), ref: 6BF45CD7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-0
                                                                                                                                                                              • Opcode ID: 09c63bd7f22cb6c86086331d38ea4198620ad4520e767c3c3f04384edb68e5ee
                                                                                                                                                                              • Instruction ID: eb8b2305906a5deee416d8254b20e3dc7dd6e47919dd2db716082f8c1424bc1d
                                                                                                                                                                              • Opcode Fuzzy Hash: 09c63bd7f22cb6c86086331d38ea4198620ad4520e767c3c3f04384edb68e5ee
                                                                                                                                                                              • Instruction Fuzzy Hash: D1B19173700606ABDB15AF74D8C17E7FBA4BF46318F000255DA2D87222E73AA954CB92
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • foreign key on %s should reference only one column of table %T, xrefs: 6BF4CA3A
                                                                                                                                                                              • unknown column "%s" in foreign key definition, xrefs: 6BF4CCA6
                                                                                                                                                                              • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6BF4CA63
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                              • API String ID: 2102423945-272990098
                                                                                                                                                                              • Opcode ID: 0d551461d1cce77a0543a93efcea2343b2ee2885f66aa9af7b6441a367278297
                                                                                                                                                                              • Instruction ID: 2b8519e07dee93485fddd33e2c0c290c0e4bb785eba203607476b83522bc9c7b
                                                                                                                                                                              • Opcode Fuzzy Hash: 0d551461d1cce77a0543a93efcea2343b2ee2885f66aa9af7b6441a367278297
                                                                                                                                                                              • Instruction Fuzzy Hash: B3E17172E042169FDB14CF68C490AAEBFF5FF45304F1455A9D825AB322D738E949CB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP(?), ref: 6BF6AC90
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(00000000), ref: 6BF6ACAC
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP ref: 6BF6ACBB
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP(?), ref: 6BF6AD35
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I5b914c29cf5a7984.$I8b0d9e6837e61abc.Iffb8076c269e2a85.
                                                                                                                                                                              • String ID: string or blob too big
                                                                                                                                                                              • API String ID: 2728433035-2803948771
                                                                                                                                                                              • Opcode ID: ff20f2df6e2d004cd321a5309d47d0ff05b7b6365db8d55e16bd3df41eb86f5c
                                                                                                                                                                              • Instruction ID: 4549cd46b7e715f5a3c0362dcda67cf1a20ae739feca7d5a05ad7e72da3b9f69
                                                                                                                                                                              • Opcode Fuzzy Hash: ff20f2df6e2d004cd321a5309d47d0ff05b7b6365db8d55e16bd3df41eb86f5c
                                                                                                                                                                              • Instruction Fuzzy Hash: 5DA10873908B624BD705CE68885025AB7E1BF863A4F140BADECB5873F0F739D8458782
                                                                                                                                                                              APIs
                                                                                                                                                                              • __getptd.LIBCMT ref: 6BEF81BF
                                                                                                                                                                                • Part of subcall function 6BEF641B: __getptd_noexit.LIBCMT ref: 6BEF641E
                                                                                                                                                                                • Part of subcall function 6BEF641B: __amsg_exit.LIBCMT ref: 6BEF642B
                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 6BEF81DF
                                                                                                                                                                              • __lock.LIBCMT ref: 6BEF81EF
                                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 6BEF820C
                                                                                                                                                                              • _free.LIBCMT ref: 6BEF821F
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(06991658), ref: 6BEF8237
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3470314060-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldiv__aulldvrm__aullrem
                                                                                                                                                                              • String ID: %$F
                                                                                                                                                                              • API String ID: 1415644573-2945472538
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __aulldiv__aulldvrm__aullrem
                                                                                                                                                                              • String ID: %$F
                                                                                                                                                                              • API String ID: 1415644573-2945472538
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 0-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF5E050
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF5E0B2
                                                                                                                                                                              • __localtime64_s.LIBCMT ref: 6BF5E0F5
                                                                                                                                                                              • __allrem.LIBCMT ref: 6BF5E171
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem__localtime64_s
                                                                                                                                                                              • String ID: local time unavailable
                                                                                                                                                                              • API String ID: 88041608-3313036412
                                                                                                                                                                              Strings
                                                                                                                                                                              • unable to delete/modify collation sequence due to active statements, xrefs: 6BF72904
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF72A24
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF72A15
                                                                                                                                                                              • misuse, xrefs: 6BF72A1F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse$unable to delete/modify collation sequence due to active statements
                                                                                                                                                                              • API String ID: 0-1278717071
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00012DCF,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7423E
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00012DBC,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74291
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF7C7B4
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000353F9,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,6BF8459C), ref: 6BF7C812
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF7C806
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7C80B
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7C7FC
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d._memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP ref: 6BF69032
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP ref: 6BF69060
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF690BE
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I8b0d9e6837e61abc.$Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID: JSON cannot hold BLOB values$null
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF79B63
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000127D3,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF79BBE
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF79BB2
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF79BB7
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF79BA8
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d._memmove
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011176,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74D00
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011160,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74D5B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002ACAC,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,?,6BF8D789,?,?,00000000,00000000,00000000), ref: 6BF8A3DA
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8A3D3
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF8A3C4
                                                                                                                                                                              • unknown database: %s, xrefs: 6BF8A43E
                                                                                                                                                                              • misuse, xrefs: 6BF8A3CE
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse$unknown database: %s
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00012646,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF79C46
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF79C3A
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF79C3F
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF79C30
                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
• Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BFEB650: SIdb45e174afb28e2c.SQLITE.INTEROP(%z%s"%w"."%w"."%w" IS NOT "%w"."%w"."%w",00000000,6C026F50,?,?,?,?,?,?,?,?,?,6BFFE8E3,?,?,?), ref: 6BFEB68B
                                                                                                                                                                                • Part of subcall function 6BFEB650: SIdb45e174afb28e2c.SQLITE.INTEROP(6C028268,?,?,?,6BFFE8E3,?,?,?,?,?,00000000,6C0021D9,?,?), ref: 6BFEB6AB
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(SELECT * FROM "%w"."%w", "%w"."%w" WHERE %s AND (%z),?,?,?,?,6C0021D9,00000000,?,?,?,?,00000000,6C0021D9,?,?), ref: 6BFFE901
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?), ref: 6BFFE94A
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?,00000017,?), ref: 6BFFE962
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BFFE97F
                                                                                                                                                                              Strings
                                                                                                                                                                              • SELECT * FROM "%w"."%w", "%w"."%w" WHERE %s AND (%z), xrefs: 6BFFE8FC
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Idb45e174afb28e2c.$Ia364946505687432.$Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID: SELECT * FROM "%w"."%w", "%w"."%w" WHERE %s AND (%z)
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0001131D,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,00000000,?,6BF80B7D), ref: 6BF7A861
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0001132B,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,00000000,?,6BF80B7D), ref: 6BF7A8EF
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000112FD,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,?,00000000,00000000), ref: 6BF74711
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000079BC,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,?,?), ref: 6BFE5A89
                                                                                                                                                                              Strings
                                                                                                                                                                              • F, xrefs: 6BFE5AC1
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BFE5A82
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BFE5A73
                                                                                                                                                                              • misuse, xrefs: 6BFE5A7D
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$F$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF759AF
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0000FB1B,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,?,?,6BF7AD52,?,?,?,?,?,?,?), ref: 6BF75A2A
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF75A1E
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF75A23
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF75A14
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d._memset
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 3064812586-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00024C8A,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7847B
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00024C8F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF784BB
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(SELECT * FROM "%w"."%w" WHERE NOT EXISTS ( SELECT 1 FROM "%w"."%w" WHERE %s),00000000,?,?,?,00000000,?,?,00000000,?,6C00219E,00000012,?,?,?,?), ref: 6BFFE9A9
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?), ref: 6BFFE9EE
                                                                                                                                                                              • SIa364946505687432.SQLITE.INTEROP(?,?,?), ref: 6BFFEA10
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BFFEA29
                                                                                                                                                                              Strings
                                                                                                                                                                              • SELECT * FROM "%w"."%w" WHERE NOT EXISTS ( SELECT 1 FROM "%w"."%w" WHERE %s), xrefs: 6BFFE9A4
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Ia364946505687432.$Iaa0f8e0c251cfd1d.Idb45e174afb28e2c.
                                                                                                                                                                              • String ID: SELECT * FROM "%w"."%w" WHERE NOT EXISTS ( SELECT 1 FROM "%w"."%w" WHERE %s)
                                                                                                                                                                              • API String ID: 1407660740-1508026296
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002B645,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF76FB1
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF76FAA
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF76F9B
                                                                                                                                                                              • SQLITE_, xrefs: 6BF76FC0
                                                                                                                                                                              • misuse, xrefs: 6BF76FA5
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$SQLITE_$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-947822902
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000079EB,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000001,00000000), ref: 6BF76714
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7670D
                                                                                                                                                                              • 2, xrefs: 6BF766D7
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF766FE
                                                                                                                                                                              • misuse, xrefs: 6BF76708
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-554099259
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7CA0B
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7CA56
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7C96B
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7C9B6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000079EB,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000), ref: 6BF76661
                                                                                                                                                                              Strings
                                                                                                                                                                              • 2, xrefs: 6BF76624
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7665A
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7664B
                                                                                                                                                                              • misuse, xrefs: 6BF76655
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$2$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI25d73a5ab4d6cacb.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF6C95D
                                                                                                                                                                              • SI558bdfe0e27562ea.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF6C9AF
                                                                                                                                                                              • SI25ca8d2baaee0750.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?), ref: 6BF6CA32
                                                                                                                                                                              • SI30455e90830ca460.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF6CA61
                                                                                                                                                                              • SI8259474343588db4.SQLITE.INTEROP(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF6CA70
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I25ca8d2baaee0750.I25d73a5ab4d6cacb.I30455e90830ca460.I558bdfe0e27562ea.I8259474343588db4.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • _malloc.LIBCMT ref: 6BEFC550
                                                                                                                                                                                • Part of subcall function 6BEFC4AE: __FF_MSGBANNER.LIBCMT ref: 6BEFC4C7
                                                                                                                                                                                • Part of subcall function 6BEFC4AE: __NMSG_WRITE.LIBCMT ref: 6BEFC4CE
                                                                                                                                                                                • Part of subcall function 6BEFC4AE: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C,6BEFC1BD), ref: 6BEFC4F3
                                                                                                                                                                              • _free.LIBCMT ref: 6BEFC563
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocHeap_free_malloc
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • __getptd.LIBCMT ref: 6BEF8940
                                                                                                                                                                                • Part of subcall function 6BEF641B: __getptd_noexit.LIBCMT ref: 6BEF641E
                                                                                                                                                                                • Part of subcall function 6BEF641B: __amsg_exit.LIBCMT ref: 6BEF642B
                                                                                                                                                                              • __getptd.LIBCMT ref: 6BEF8957
                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 6BEF8965
                                                                                                                                                                              • __lock.LIBCMT ref: 6BEF8975
                                                                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 6BEF8989
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 938513278-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BEF798F: _doexit.LIBCMT ref: 6BEF799B
                                                                                                                                                                              • ___set_flsgetvalue.LIBCMT ref: 6BEF2411
                                                                                                                                                                                • Part of subcall function 6BEF6260: TlsGetValue.KERNEL32(00000000,6BEF63B9,?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C,6BEFC1BD,00000000,00000000), ref: 6BEF6269
                                                                                                                                                                                • Part of subcall function 6BEF6260: DecodePointer.KERNEL32(?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C,6BEFC1BD,00000000,00000000,?,6BEF64C6,0000000D), ref: 6BEF627B
                                                                                                                                                                                • Part of subcall function 6BEF6260: TlsSetValue.KERNEL32(00000000,?,6BEF610E,00000000,00000001,00000000,?,6BEFC12D,00000018,6C0315D0,0000000C,6BEFC1BD,00000000,00000000,?,6BEF64C6), ref: 6BEF628A
                                                                                                                                                                              • ___fls_getvalue@4.LIBCMT ref: 6BEF241C
                                                                                                                                                                                • Part of subcall function 6BEF6240: TlsGetValue.KERNEL32(?,?,6BEF2421,00000000), ref: 6BEF624E
                                                                                                                                                                              • ___fls_setvalue@8.LIBCMT ref: 6BEF242F
                                                                                                                                                                                • Part of subcall function 6BEF6294: DecodePointer.KERNEL32(?,?,?,6BEF2434,00000000,?,00000000), ref: 6BEF62A5
                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000000), ref: 6BEF2438
                                                                                                                                                                              • ExitThread.KERNEL32 ref: 6BEF243F
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 6BEF2445
                                                                                                                                                                              • __freefls@4.LIBCMT ref: 6BEF2465
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 781180411-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0001309F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF8ED0D
                                                                                                                                                                                • Part of subcall function 6BF83790: SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000119B4,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,74FF8504,6BFAAEB6,?,6BFA593B,?,?,?,?,?,?,6BFAAEB6), ref: 6BF837C4
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF8ED01
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8ED06
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF8ECF7
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: domain error
                                                                                                                                                                              • API String ID: 0-1959930803
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF9A951
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF9A956
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF9A947
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 0-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              • q, xrefs: 6BFA485F
                                                                                                                                                                              • %sON CONFLICT clause does not match any PRIMARY KEY or UNIQUE constraint, xrefs: 6BFA49FF
                                                                                                                                                                              • %r , xrefs: 6BFA49E5
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: %r $%sON CONFLICT clause does not match any PRIMARY KEY or UNIQUE constraint$q
                                                                                                                                                                              • API String ID: 2102423945-3220699075
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: domain error
                                                                                                                                                                              • API String ID: 0-1959930803
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: domain error
                                                                                                                                                                              • API String ID: 0-1959930803
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00024A9C,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BFD664E
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0000EE02,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF80E15
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF80E09
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF80E0E
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF80DFF
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0000F437,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,?,?,?,?,?,6BFA593B), ref: 6BF75B20
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF75B14
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF75B19
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF75B0A
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BA8C), ref: 6BF89B90
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
                                                                                                                                                                              • API String ID: 2981141233-1808655853
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF86090: SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00013E46,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?), ref: 6BF860D1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000154D0,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF8EB27
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF8EB1B
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8EB20
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF8EB11
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
• Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d._memset
                                                                                                                                                                              • String ID: separators$tokenchars
                                                                                                                                                                              • API String ID: 1786038377-258404482
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000111A7,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7A991
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF7A985
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7A98A
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7A97B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000112D9,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7487D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000110A4,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF8094C
                                                                                                                                                                                • Part of subcall function 6BF75240: SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00010ED5,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,00000000,?,?), ref: 6BF75273
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF80940
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF80945
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF80936
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000247FB,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF785AB
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF785A4
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78595
                                                                                                                                                                              • misuse, xrefs: 6BF7859F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 385605113d12d0ee2d1d664990088250784ce597638c896738ff71cc61d8986c
                                                                                                                                                                              • Instruction ID: 6f2eaca284f2112d76edadfae3c880a7eb6559cf8f10995e20c7b6e3c93f7640
                                                                                                                                                                              • Opcode Fuzzy Hash: 385605113d12d0ee2d1d664990088250784ce597638c896738ff71cc61d8986c
                                                                                                                                                                              • Instruction Fuzzy Hash: 1431C472B04205BBDB20EE3AACC5F567BA5AF05754F0440F6EC0DDB262E73ADD0586A0
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF8F056
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8F05B
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF8F04C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 0-2469029621
                                                                                                                                                                              • Opcode ID: 951c77630638e76f419f4a490fad6eb1402d759eb0946004285a75bfeb049f47
                                                                                                                                                                              • Instruction ID: 7b9402e2289606f856c98e548ea467af567f47fe3722059ac66f5fdc211f7645
                                                                                                                                                                              • Opcode Fuzzy Hash: 951c77630638e76f419f4a490fad6eb1402d759eb0946004285a75bfeb049f47
                                                                                                                                                                              • Instruction Fuzzy Hash: 7A31E433B442009FD7419A28CC41B06B7F6AB84725F158898DC0D9F366EB7DEC818BE1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF44010: _memmove.LIBCMT ref: 6BF44076
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000353A1,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,6BF7BEE4,?), ref: 6BF7681E
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF76812
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF76817
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF76808
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d._memmove
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 3148929312-2469029621
                                                                                                                                                                              • Opcode ID: 43cf2cf0d0382bec41d4288774be1caf1e468353f628adbb86d5ba4bddeccda6
                                                                                                                                                                              • Instruction ID: 8b194ad12bdb0d2a839cca50dff7b8329f053eb45c61672838e288f85fed6413
                                                                                                                                                                              • Opcode Fuzzy Hash: 43cf2cf0d0382bec41d4288774be1caf1e468353f628adbb86d5ba4bddeccda6
                                                                                                                                                                              • Instruction Fuzzy Hash: BC213A73900106ABDB11DF18E881B9AB7A4EF80244F1445F6EC499B21AEB35EE57CBD0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000154F1,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF8E9E2
                                                                                                                                                                                • Part of subcall function 6BF86090: SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00013E46,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?), ref: 6BF860D1
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF8E9D0
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8E9D5
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF8E9C6
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: 8b09ccb086a30d7f2dfc76c5e934de643c324a2a1c95d6baa9529ae31a0596aa
                                                                                                                                                                              • Instruction ID: d945af372ab9cbcebdb17d09dff921bad1857ee13429e1e9216940a9fffa8a21
                                                                                                                                                                              • Opcode Fuzzy Hash: 8b09ccb086a30d7f2dfc76c5e934de643c324a2a1c95d6baa9529ae31a0596aa
                                                                                                                                                                              • Instruction Fuzzy Hash: 92214873A102159BCB549B78CC41BAEB3F4EF88321F00066DE919EB2E0E7B894018BD1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00013E46,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?), ref: 6BF860D1
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF860C5
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF860CA
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF860BB
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: 13961cc3b50b43871ee515324042627929ea56813b2a3fb71f2725cb7b0b634d
                                                                                                                                                                              • Instruction ID: 311681a5b17fa4c5ee646eb793bcfd0e2bcf9fdd6b9ee5c5d6e43d63e3c9810a
                                                                                                                                                                              • Opcode Fuzzy Hash: 13961cc3b50b43871ee515324042627929ea56813b2a3fb71f2725cb7b0b634d
                                                                                                                                                                              • Instruction Fuzzy Hash: B421B332304B01ABD3248E69D882B56B3F4FB44718F10492DF54E8B762E7AAE5458785
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A818,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7807C
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78075
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78066
                                                                                                                                                                              • misuse, xrefs: 6BF78070
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP(?), ref: 6BF5FB85
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF5FBB1
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF5FBD1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$I1bf8975e567ea97a.
                                                                                                                                                                              • String ID: malformed JSON
                                                                                                                                                                              • API String ID: 2044891589-4000051135
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00005AB8,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,?,?,6BF7B20E,00000000,?,?,?), ref: 6BF765D2
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A68D,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7826A
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78263
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78254
                                                                                                                                                                              • misuse, xrefs: 6BF7825E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00011CAC,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74546
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF7453A
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7453F
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF74530
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF7495C
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF74961
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF74952
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 0-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(JSON path error near '%q',?), ref: 6BF5FAC7
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF5FAF0
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP ref: 6BF5FB00
                                                                                                                                                                              Strings
                                                                                                                                                                              • JSON path error near '%q', xrefs: 6BF5FAC2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I1bf8975e567ea97a.Iaa0f8e0c251cfd1d.Idb45e174afb28e2c.
                                                                                                                                                                              • String ID: JSON path error near '%q'
                                                                                                                                                                              • API String ID: 2784778010-481711382
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000062A9,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,00000000,?,6BF8F1E7,6C035CA8,00000001,?,6BF8F6C5,?,?,6BFE5767), ref: 6BF7601F
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF76018
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF76009
                                                                                                                                                                              • misuse, xrefs: 6BF76013
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,0001141D,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7464B
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF74639
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7463E
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7462F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AC3E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF77908
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77901
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF778F2
                                                                                                                                                                              • misuse, xrefs: 6BF778FC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002ABA1,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF77BA8
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77BA1
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77B92
                                                                                                                                                                              • misuse, xrefs: 6BF77B9C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002ABC0,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF77B18
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77B11
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77B02
                                                                                                                                                                              • misuse, xrefs: 6BF77B0C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 829996b76442a1b76d4b85fa868f8c7cfba624ebddcb2d82c234e30ab0daa604
                                                                                                                                                                              • Instruction ID: efbf40a69f89198c932114147d89f7b3cc6fc1c58df078c4b79ec3837e43ca59
                                                                                                                                                                              • Opcode Fuzzy Hash: 829996b76442a1b76d4b85fa868f8c7cfba624ebddcb2d82c234e30ab0daa604
                                                                                                                                                                              • Instruction Fuzzy Hash: E501F1367017416BCB20AF78E801F8B77E8EF41219F0008BAE95EE7702D274F4008791
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A753,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78A01
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF789FA
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF789EB
                                                                                                                                                                              • misuse, xrefs: 6BF789F5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: b750ef4d1f23cd08b3c3dc003842aedbffa4d8c186e096ccc7c850ceacbcd6d5
                                                                                                                                                                              • Instruction ID: f166c0cb62cfa37cb65b1db71131583c2fae141182049ba3bc517e317504635f
                                                                                                                                                                              • Opcode Fuzzy Hash: b750ef4d1f23cd08b3c3dc003842aedbffa4d8c186e096ccc7c850ceacbcd6d5
                                                                                                                                                                              • Instruction Fuzzy Hash: 6C01D673A446015BD314EA29EC01D12B7E8AF84725B0442FAEE1D97762FB64ED0086D5
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A76F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78981
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7897A
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7896B
                                                                                                                                                                              • misuse, xrefs: 6BF78975
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 0d200b348e2169fc639ca3dfa492835ebf159eeca358787b54324b144a3ef8e5
                                                                                                                                                                              • Instruction ID: 496a621e2aa597422129797365413c290f3719a92d334ec88f5d2bbd60c8f0fc
                                                                                                                                                                              • Opcode Fuzzy Hash: 0d200b348e2169fc639ca3dfa492835ebf159eeca358787b54324b144a3ef8e5
                                                                                                                                                                              • Instruction Fuzzy Hash: A40126736047015BC314AB29EC01E12B3E8EF81720F0445FAAE189B362FB64E90082D2
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A77F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78901
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF788FA
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF788EB
                                                                                                                                                                              • misuse, xrefs: 6BF788F5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: c642ff63c50791bff93c927e2997e9772305de595c2e6d371d7185f775a8c3f9
                                                                                                                                                                              • Instruction ID: 0d840d711f3f5c947896987c37438130754dd2e29aac649def6f1a43652efeba
                                                                                                                                                                              • Opcode Fuzzy Hash: c642ff63c50791bff93c927e2997e9772305de595c2e6d371d7185f775a8c3f9
                                                                                                                                                                              • Instruction Fuzzy Hash: 40012673A446015BC314EB29EC01D12B7E8AF80721B0042FAEE1C97362FB64E90082D2
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AC8C,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,?,6BF8FC50,?,00000000,00000000,?), ref: 6BF7787A
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77873
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77864
                                                                                                                                                                              • misuse, xrefs: 6BF7786E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 12a642fd1ba924318d9d4bbaec536c2bf4799d820f2a5d2e8aa8ee5f30db382e
                                                                                                                                                                              • Instruction ID: 041e113c80ec840347a2edcb6b60fee5d9579be7ad0587dd9a1589081189b19f
                                                                                                                                                                              • Opcode Fuzzy Hash: 12a642fd1ba924318d9d4bbaec536c2bf4799d820f2a5d2e8aa8ee5f30db382e
                                                                                                                                                                              • Instruction Fuzzy Hash: 6101D6767047146BD715AA79EC01E8773E8EF44626F0004BAFA1ED7301E634F9108BE5
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000007,failed to %s %u bytes (%lu), heap=%p,HeapReAlloc,?,00000000), ref: 6BF71C16
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: HeapAlloc$HeapReAlloc$failed to %s %u bytes (%lu), heap=%p
                                                                                                                                                                              • API String ID: 2981141233-2123888023
                                                                                                                                                                              • Opcode ID: e68acf41a1fe899accd353f9920b48dc4d2696c86fcf5022084c5076f82c3cf6
                                                                                                                                                                              • Instruction ID: 652534c26c5ca9c0ef49e7956f89ed09a74d5ce4b8d95da7b2fb4bc53f53c150
                                                                                                                                                                              • Opcode Fuzzy Hash: e68acf41a1fe899accd353f9920b48dc4d2696c86fcf5022084c5076f82c3cf6
                                                                                                                                                                              • Instruction Fuzzy Hash: 63F068B7F48319B7D6205ADE9C89E5BB7BCDB49A95F0000A6FD0CDB610E6349E0447A0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0001C826,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78A78
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78A71
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78A62
                                                                                                                                                                              • misuse, xrefs: 6BF78A6C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 38694981a244567e7dd7e4a7d8b2bb91450f1000eec71de0d641fc26ac95ed81
                                                                                                                                                                              • Instruction ID: a3a5ecc174932a5b631e3347e9a7557df32c11310c7298c05c59d8e285bfaa6c
                                                                                                                                                                              • Opcode Fuzzy Hash: 38694981a244567e7dd7e4a7d8b2bb91450f1000eec71de0d641fc26ac95ed81
                                                                                                                                                                              • Instruction Fuzzy Hash: FC01D672B0071567EB10AA75AC05E8777A8AF40759F0044B5ED1EDB311EB28E90087D1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AC74,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?,?,6BFFD2A7,?,000003E8), ref: 6BF8FC19
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF8FC12
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF8FC03
                                                                                                                                                                              • misuse, xrefs: 6BF8FC0D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: b1b3a44178b54420ea37463236e18660409cc829261cfa6c6dfd0d4169dac38d
                                                                                                                                                                              • Instruction ID: 6c242fa0618225f77b9bd87d235a6c7c6737e6014644f1489e933085a280dc95
                                                                                                                                                                              • Opcode Fuzzy Hash: b1b3a44178b54420ea37463236e18660409cc829261cfa6c6dfd0d4169dac38d
                                                                                                                                                                              • Instruction Fuzzy Hash: 5AF0A773B583153AE71171B47D07F8A73DCCB4166AF1004B6FE0CEA691F65EA60002D9
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002ABDE,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF77A98
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77A91
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77A82
                                                                                                                                                                              • misuse, xrefs: 6BF77A8C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: e7cd200f83a99e52c11abe7dde6124b7cf01d270ed06470c3fa292ce2b9532d6
                                                                                                                                                                              • Instruction ID: 0cf52583c394249dd7931bdc9ed0a9efa5375a7d1f7a872222f488a2abc89a95
                                                                                                                                                                              • Opcode Fuzzy Hash: e7cd200f83a99e52c11abe7dde6124b7cf01d270ed06470c3fa292ce2b9532d6
                                                                                                                                                                              • Instruction Fuzzy Hash: 10F0A9767007145BEB10EA79EC01E4B73E8EF40655F044876FD1EE7711E634E5008B95
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002ABF7,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF77A18
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77A11
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77A02
                                                                                                                                                                              • misuse, xrefs: 6BF77A0C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 8f6c6084b27290c66496ad52f4708db7fad3222b3c097d9969ab8d9d6af2d784
                                                                                                                                                                              • Instruction ID: 98be475d973f0d2da3e4c5d3b80cf08df88346935f521c22f8196a668380f498
                                                                                                                                                                              • Opcode Fuzzy Hash: 8f6c6084b27290c66496ad52f4708db7fad3222b3c097d9969ab8d9d6af2d784
                                                                                                                                                                              • Instruction Fuzzy Hash: C0F0A9767407165BDB20EE79AC05E9773E8EF40615F0444B9FD2ED7711E634E9008791
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002AC10,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF77998
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77991
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77982
                                                                                                                                                                              • misuse, xrefs: 6BF7798C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 8d629d4b324dbf9981c48402016c21c807e63cb2bca7f291f3e41cd97f177fcc
                                                                                                                                                                              • Instruction ID: a25f970976a14c6fd1ef44573f7ccb12438a4fe3382c83ca6a937074c520c7b5
                                                                                                                                                                              • Opcode Fuzzy Hash: 8d629d4b324dbf9981c48402016c21c807e63cb2bca7f291f3e41cd97f177fcc
                                                                                                                                                                              • Instruction Fuzzy Hash: FDF08172B417166BCB20AA79A801F5773E8EF40669F04047AFE1EE7712E634F8108695
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A9EE,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF77FE8
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF77FE1
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF77FD2
                                                                                                                                                                              • misuse, xrefs: 6BF77FDC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: e6e8e5ae777ef1000b12cd033ad4dfca1a1d4bdb2c4943e35b0adba767e41fe3
                                                                                                                                                                              • Instruction ID: 25112b9824d8c83694d649ed4eaff274c5554f377260456aa54a2a793954bab3
                                                                                                                                                                              • Opcode Fuzzy Hash: e6e8e5ae777ef1000b12cd033ad4dfca1a1d4bdb2c4943e35b0adba767e41fe3
                                                                                                                                                                              • Instruction Fuzzy Hash: F40186716407155BDB20AF79A805B8777E8AF00719F00447AED2EE7341E738E40087D1
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000247EF,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,00000000,?,?,6BFF2738,?,?,0000001C,00000000,6BF22BF0), ref: 6BF786DC
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF786D5
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF786C6
                                                                                                                                                                              • misuse, xrefs: 6BF786D0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 3e74da5ce12da003453cbef56ecc811da703a6f330a296ed63b7b4e89d5a9940
                                                                                                                                                                              • Instruction ID: ae49a7bc48a737cb1ac7865a6bbacbaca6f87558be8f48cc308752f52d188ada
                                                                                                                                                                              • Opcode Fuzzy Hash: 3e74da5ce12da003453cbef56ecc811da703a6f330a296ed63b7b4e89d5a9940
                                                                                                                                                                              • Instruction Fuzzy Hash: 48F0E2B33002097BEB00A969FC02E9B739CDB80665F0004BAFE08DB261F668FC0142F5
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00035357,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,?), ref: 6BF768BC
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF768B0
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF768B5
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF768A6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: 1347ac48fb2c3507807986eebc1555c2b53b96b65504075249b2cf6a43c057c6
                                                                                                                                                                              • Instruction ID: 46ad76c4d88a5859fcc31d4429bbb71d2b95f5ee0cf93666948f26328b5e30ff
                                                                                                                                                                              • Opcode Fuzzy Hash: 1347ac48fb2c3507807986eebc1555c2b53b96b65504075249b2cf6a43c057c6
                                                                                                                                                                              • Instruction Fuzzy Hash: E7F08172E40205B7DF20DF65A841B5DB3B0AF40744F0084FAF8196B252E779DA50CB91
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A760,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF781B8
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF781B1
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF781A2
                                                                                                                                                                              • misuse, xrefs: 6BF781AC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f$misuse
                                                                                                                                                                              • API String ID: 2981141233-160653349
                                                                                                                                                                              • Opcode ID: 0803dae888e3a4bc993c051ac2892305112cec5dc03610f2620db0f75ffdab51
                                                                                                                                                                              • Instruction ID: d51da967f21a646362bea210e95972bb51e0b931b16746f02992839ef821df55
                                                                                                                                                                              • Opcode Fuzzy Hash: 0803dae888e3a4bc993c051ac2892305112cec5dc03610f2620db0f75ffdab51
                                                                                                                                                                              • Instruction Fuzzy Hash: 18F0B4B2B007156B8B10BF79AC01E4B77E8AF04669B0444B6FD1EE7711E674E9108AE9
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00014F59,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BFA1954
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BFA1948
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BFA194D
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BFA193E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$database corruption$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-2469029621
                                                                                                                                                                              • Opcode ID: a773b9df704f1c5d91b8af47821856c651fc9fc0d4434bb1b68f72bc04e70d7e
                                                                                                                                                                              • Instruction ID: 5a4bfdf4cb62de1dc0f08bcb68a1acc1a590c4c7b94c29ddcd572ae72e6c15be
                                                                                                                                                                              • Opcode Fuzzy Hash: a773b9df704f1c5d91b8af47821856c651fc9fc0d4434bb1b68f72bc04e70d7e
                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF059729007006BE320D6789C07F1373E89705704F004AACFE9DC7A81FB65E80487E2
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A753,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7B830
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7B829
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7B81A
                                                                                                                                                                              • misuse, xrefs: 6BF7B824
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,000112D9,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7487D
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF74871
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF74876
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF74813
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00015BE4,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF82B83
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF82B7C
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF82B6D
                                                                                                                                                                              • misuse, xrefs: 6BF82B77
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000183BB,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BFE1997
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BFE1990
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BFE1981
                                                                                                                                                                              • misuse, xrefs: 6BFE198B
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A77F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF7D01B
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7D014
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF7D005
                                                                                                                                                                              • misuse, xrefs: 6BF7D00F
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00012CEF,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF742F2
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF742E6
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF742EB
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF742DC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A753,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78228
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78221
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78212
                                                                                                                                                                              • misuse, xrefs: 6BF7821C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A76F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78178
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78171
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78162
                                                                                                                                                                              • misuse, xrefs: 6BF7816C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A77F,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78138
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78131
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78122
                                                                                                                                                                              • misuse, xrefs: 6BF7812C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,00024C77,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78558
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78551
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78542
                                                                                                                                                                              • misuse, xrefs: 6BF7854C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF75DA0: SI769271af19a2299d.SQLITE.INTEROP(00000015,API call with %s database connection pointer,NULL,?,6BF760BE), ref: 6BF75DB1
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002A67E,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF78328
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF78321
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF78312
                                                                                                                                                                              • misuse, xrefs: 6BF7831C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000138CC,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF74100
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF740F9
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF740EA
                                                                                                                                                                              • misuse, xrefs: 6BF740F4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,000138DA,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF740C0
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF740B9
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF740AA
                                                                                                                                                                              • misuse, xrefs: 6BF740B4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000B,%s at line %d of [%.10s],database corruption,00035481,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,6BF84773), ref: 6BF72853
                                                                                                                                                                              Strings
                                                                                                                                                                              • database corruption, xrefs: 6BF72847
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7284C
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF72841
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(00000015,%s at line %d of [%.10s],misuse,0002B08A,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,?,6BFFD0C0), ref: 6BF72823
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF7281C
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF72811
                                                                                                                                                                              • misuse, xrefs: 6BF72817
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(0000000E,%s at line %d of [%.10s],cannot open file,0000EAA9,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f,00000000,6BFA2A1E), ref: 6BF727F3
                                                                                                                                                                              Strings
                                                                                                                                                                              • cannot open file, xrefs: 6BF727E7
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF727EC
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF727E1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP(00000000), ref: 6BF6CC88
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iffb8076c269e2a85.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1579666890-0
                                                                                                                                                                              • Opcode ID: 61276294f81b624a36bf047087d15df675f828efbac538c5c545c4eb0810dea4
                                                                                                                                                                              • Instruction ID: 08238027a98fac7f17586079d8c066b9679f4b9013872722c3f58d431386a9ca
                                                                                                                                                                              • Opcode Fuzzy Hash: 61276294f81b624a36bf047087d15df675f828efbac538c5c545c4eb0810dea4
                                                                                                                                                                              • Instruction Fuzzy Hash: 61D1B373E041568FCF04CFA8C4916AEB7B1FB45394F1580AAEC95AB261F739D941CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 6BF3CF40: _memset.LIBCMT ref: 6BF3CF96
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF461B0
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF463A7
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF463B4
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF463E2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1480580083-0
                                                                                                                                                                              • Opcode ID: d88629c2410c0bf0f0b3f8cd82b0bdb9baf78befe714264e7dd55f8a9c448c51
                                                                                                                                                                              • Instruction ID: d272c9507c3691e85845e51bc71e7fc77bb2f506d68492f5e7a0ed789d6b5b9a
                                                                                                                                                                              • Opcode Fuzzy Hash: d88629c2410c0bf0f0b3f8cd82b0bdb9baf78befe714264e7dd55f8a9c448c51
                                                                                                                                                                              • Instruction Fuzzy Hash: 0C71F9B3A04312ABCB00CF64C88176A7BE4FF85718F1445A9F85997362D739EA15C7D2
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF30DF6
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF30E50
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF30F4C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-0
                                                                                                                                                                              • Opcode ID: 1efa8babdefc6b52959b1bed1c3032894939e00059a2f52cffccd0fd75a8ead8
                                                                                                                                                                              • Instruction ID: 2af227f21aba1ea40cc1474c929d10dc75f0c97aeed47ef46855cbf66dd5f0a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 1efa8babdefc6b52959b1bed1c3032894939e00059a2f52cffccd0fd75a8ead8
                                                                                                                                                                              • Instruction Fuzzy Hash: A3618E736047259BDB218F34D8807EBB3E4AF45314F00096AD86EC7224DB7AB880CBE5
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI5b914c29cf5a7984.SQLITE.INTEROP(?), ref: 6BF643F7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I5b914c29cf5a7984.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1073210055-0
                                                                                                                                                                              • Opcode ID: 5c5572e5ab20f9e57bcdf0233f05ea6ce9c0079e1c270a7989a5a7cce6137875
                                                                                                                                                                              • Instruction ID: 78f6addf9c1177024073fc7363d03ad6bb8aa0b3a1fa851ec633d8fd87447d00
                                                                                                                                                                              • Opcode Fuzzy Hash: 5c5572e5ab20f9e57bcdf0233f05ea6ce9c0079e1c270a7989a5a7cce6137875
                                                                                                                                                                              • Instruction Fuzzy Hash: AA41BC73A042524BC704EE38D8B226673A5EF82365B1406FAECA5876A1F33DC805C391
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF639E3
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF639EF
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF639F8
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP(?), ref: 6BF63A2A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$I1bf8975e567ea97a.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2044891589-0
                                                                                                                                                                              • Opcode ID: 08bddcfeecbc5825c4f12a34bdb2427c03e87cac32e4d4311be25ed53047407c
                                                                                                                                                                              • Instruction ID: 6498de8852d4b47e07e4cf646affce5c4f333432fb525e56f43cf129f5174d9a
                                                                                                                                                                              • Opcode Fuzzy Hash: 08bddcfeecbc5825c4f12a34bdb2427c03e87cac32e4d4311be25ed53047407c
                                                                                                                                                                              • Instruction Fuzzy Hash: 8641F477A042124BE714CF28D845B66B3A5EF817A4F0545A8EC28CB2A2F739D940DB91
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,3304C483,7DE85000,7DE85000,6BFD6C5C,6BFD6C5C,6BFD6C5C,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF,00000000,00000000,6BFADA3D), ref: 6BF32021
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,?,3304C483,7DE85000,7DE85000,6BFD6C5C,6BFD6C5C,6BFD6C5C,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF,00000000,00000000), ref: 6BF3202A
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF32057
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?,3304C483,7DE85000,7DE85000,6BFD6C5C,6BFD6C5C,6BFD6C5C,?,6BFD6C5C,?,6BFADA3D,00000007,000000FF,00000000,00000000,6BFADA3D), ref: 6BF3219E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.$_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1480580083-0
                                                                                                                                                                              • Opcode ID: 66541c4a4459fe927171463f26dfb4f0ac65f8d717494ecb9abb3582cdc06ea3
                                                                                                                                                                              • Instruction ID: 61623664334e8e305658a6058c2d450dc2d21f746e57fbf94e89aa6d8db6d438
                                                                                                                                                                              • Opcode Fuzzy Hash: 66541c4a4459fe927171463f26dfb4f0ac65f8d717494ecb9abb3582cdc06ea3
                                                                                                                                                                              • Instruction Fuzzy Hash: A451C3B2A006118BCB11DF68C88569A77B4FF85319F2446AADC1C8F225DB37E946CBD1
                                                                                                                                                                              APIs
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF144DD
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF144F6
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF1453B
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF14581
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
• Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 885266447-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _calloc$I5b4aedd0c04bd151.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3636122150-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI8b0d9e6837e61abc.SQLITE.INTEROP(?), ref: 6BF69B86
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF69BB2
                                                                                                                                                                              • _memmove.LIBCMT ref: 6BF69BD9
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF69BED
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove$I8b0d9e6837e61abc.Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1025806888-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: BINARY$out of memory
                                                                                                                                                                              • API String ID: 2102423945-3971123528
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: d
                                                                                                                                                                              • API String ID: 2102423945-2564639436
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF3C69E
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF3C6B8
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-3916222277
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d._memset
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 1786038377-2766056989
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI353770fd94e573c1.SQLITE.INTEROP(?,00000001,00000000,00000000,?,?), ref: 6BF6AA22
                                                                                                                                                                              Strings
                                                                                                                                                                              • ESCAPE expression must be a single character, xrefs: 6BF6A922
                                                                                                                                                                              • LIKE or GLOB pattern too complex, xrefs: 6BF6A89C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I353770fd94e573c1.
                                                                                                                                                                              • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                                                                                              • API String ID: 1989827943-264706735
                                                                                                                                                                              APIs
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF2656B
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF26625
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_memset
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 121741435-4108050209
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF3EBFD
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF3ECCF
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 372259789-3916222277
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: H$too many FROM clause terms, max: %d
                                                                                                                                                                              • API String ID: 2102423945-1622072631
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: cannot use RETURNING in a trigger$sqlite_returning
                                                                                                                                                                              • API String ID: 2102423945-753984552
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIbf5934dfe2a8d472.SQLITE.INTEROP(?,?,00000000,?), ref: 6BF8242D
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(?), ref: 6BF82453
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1775556062.000000006BEF1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6BEF0000, based on PE: true
                                                                                                                                                                              • Associated: 00000001.00000002.1775526262.000000006BEF0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1775992084.000000006C00F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776070225.000000006C034000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776104084.000000006C038000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776131286.000000006C039000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                              • Associated: 00000001.00000002.1776158717.000000006C03C000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_1_2_6bef0000_v2.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.Ibf5934dfe2a8d472.
                                                                                                                                                                              • String ID: not authorized
                                                                                                                                                                              • API String ID: 1751946160-1028754665
                                                                                                                                                                              • Opcode ID: 960e6fa8c8172038ecceb50cf52ce1e6c774f9540a563146d85df94ace758792
                                                                                                                                                                              • Instruction ID: 41b54f1e837cf2eefad121687793f2c8c1f67d498ec5bb9947ef83d9c2353251
                                                                                                                                                                              • Opcode Fuzzy Hash: 960e6fa8c8172038ecceb50cf52ce1e6c774f9540a563146d85df94ace758792
                                                                                                                                                                              • Instruction Fuzzy Hash: 0231DDB39083119BD704CE18DC45916B3B5FB81334F1447B9EC75572E6E73AF91486A1
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 6BF358E8
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000), ref: 6BF3595B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d._memset
                                                                                                                                                                              • String ID: unicode61
                                                                                                                                                                              • API String ID: 1786038377-820661299
                                                                                                                                                                              • Opcode ID: 6ccef902f4d45d6876eb1358277838ff570d8a0f94096ade36c092d1f46b5491
                                                                                                                                                                              • Instruction ID: cbc454acf32861f5f496ec1686163c29c4e36c6b2282877bd14a3a211802f765
                                                                                                                                                                              • Opcode Fuzzy Hash: 6ccef902f4d45d6876eb1358277838ff570d8a0f94096ade36c092d1f46b5491
                                                                                                                                                                              • Instruction Fuzzy Hash: 1821AC737012115BD700CE69DC41B9BB3E9EFC4324F044169EE1CCB250EA39E90687E1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIffb8076c269e2a85.SQLITE.INTEROP ref: 6BF689FD
                                                                                                                                                                              • SI1bf8975e567ea97a.SQLITE.INTEROP(?), ref: 6BF68A54
                                                                                                                                                                              Strings
                                                                                                                                                                              • Invalid argument to rtreedepth(), xrefs: 6BF68A72
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I1bf8975e567ea97a.Iffb8076c269e2a85.
                                                                                                                                                                              • String ID: Invalid argument to rtreedepth()
                                                                                                                                                                              • API String ID: 4143718659-2843521569
                                                                                                                                                                              • Opcode ID: a5ed3c33ee4e8b93bb791741292b09f9eb8dc53ef1e9c6429459b8dbce7b0659
                                                                                                                                                                              • Instruction ID: 00d34245acf40ee9051fcc2e4262d8529ad9d09d4726e3a84046510905d114fd
                                                                                                                                                                              • Opcode Fuzzy Hash: a5ed3c33ee4e8b93bb791741292b09f9eb8dc53ef1e9c6429459b8dbce7b0659
                                                                                                                                                                              • Instruction Fuzzy Hash: C3210BB36042045BD710CF28D841662B7A4EF877B5B1443AEED6CC72A1F72AD951C7A1
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(unable to use function %s in the requested context,?), ref: 6BFEE5D7
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,00000000,000000FF,000000FF,00000001,000000FF,unable to use function %s in the requested context,?), ref: 6BFEE5F6
                                                                                                                                                                              Strings
                                                                                                                                                                              • unable to use function %s in the requested context, xrefs: 6BFEE5D2
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.Idb45e174afb28e2c.
                                                                                                                                                                              • String ID: unable to use function %s in the requested context
                                                                                                                                                                              • API String ID: 3537641774-47290733
                                                                                                                                                                              • Opcode ID: 988d394aee70b3c17387c2be5beeabb961e9e22e139f31362dda602c75ccb7b0
                                                                                                                                                                              • Instruction ID: 258357a98244fd0ff549f39f2234fad6d41ee3690f1e33a45cfd0388ff246f51
                                                                                                                                                                              • Opcode Fuzzy Hash: 988d394aee70b3c17387c2be5beeabb961e9e22e139f31362dda602c75ccb7b0
                                                                                                                                                                              • Instruction Fuzzy Hash: CBE092325141153BCB209A6CDC41EA673EC8B46738F240305BD78933E0DA65B95046A6
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset
                                                                                                                                                                              • String ID: out of memory
                                                                                                                                                                              • API String ID: 2102423945-2599737071
                                                                                                                                                                              • Opcode ID: e1d862b35d6b8aba87f1d8f70742a9d0fca8cbdae48ee959b3f8d652513c9e88
                                                                                                                                                                              • Instruction ID: 9e0d7baec028f11a6748d067e725747441fa29730b8ff7ebea11cd91fdddbe59
                                                                                                                                                                              • Opcode Fuzzy Hash: e1d862b35d6b8aba87f1d8f70742a9d0fca8cbdae48ee959b3f8d652513c9e88
                                                                                                                                                                              • Instruction Fuzzy Hash: 19E092B1941B007AE314CB309C02FC2BB99BF61704F60851DE699066C1EBBCB1698FD5
                                                                                                                                                                              APIs
                                                                                                                                                                              • SIdb45e174afb28e2c.SQLITE.INTEROP(json_%s() needs an odd number of arguments), ref: 6BF5FA4E
                                                                                                                                                                              • SIaa0f8e0c251cfd1d.SQLITE.INTEROP(00000000,00000000,000000FF,000000FF,00000001,000000FF,json_%s() needs an odd number of arguments), ref: 6BF5FA6D
                                                                                                                                                                              Strings
                                                                                                                                                                              • json_%s() needs an odd number of arguments, xrefs: 6BF5FA49
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Iaa0f8e0c251cfd1d.Idb45e174afb28e2c.
                                                                                                                                                                              • String ID: json_%s() needs an odd number of arguments
                                                                                                                                                                              • API String ID: 3537641774-3040682063
                                                                                                                                                                              • Opcode ID: 3677b05ecbc174f785d965ba7fe6be3e629357b1003e63b46f27c1814fda5f38
                                                                                                                                                                              • Instruction ID: c778c2514dd0a670d06826d9b2d07be6d97bf6445c7fa4a773ce943600b4c734
                                                                                                                                                                              • Opcode Fuzzy Hash: 3677b05ecbc174f785d965ba7fe6be3e629357b1003e63b46f27c1814fda5f38
                                                                                                                                                                              • Instruction Fuzzy Hash: 4FE01D7241952635DA10556C5C46FA572DC9F06338F200341FC38922E0FB95396045FE
                                                                                                                                                                              APIs
                                                                                                                                                                              • SI769271af19a2299d.SQLITE.INTEROP(?,%s at line %d of [%.10s],?,?,fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f), ref: 6BF706EE
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6BF706E8
                                                                                                                                                                              • fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f, xrefs: 6BF706E1
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: I769271af19a2299d.
                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$fcb4fd26a8c624f2e433ba6a6b153343225cc9d85dd297502ca5c696b603431f
                                                                                                                                                                              • API String ID: 2981141233-3645143569
                                                                                                                                                                              • Opcode ID: 8dd313e4fd5d145d44c09e70da182fd50507e5777e5f4ef67a241efbe26ee9fb
                                                                                                                                                                              • Instruction ID: 44fedb24d175bcb0e54f449209fa6d38372080f3a193de7206c658120f7851e2
                                                                                                                                                                              • Opcode Fuzzy Hash: 8dd313e4fd5d145d44c09e70da182fd50507e5777e5f4ef67a241efbe26ee9fb
                                                                                                                                                                              • Instruction Fuzzy Hash: EEB012F265101039250922745C0BE37108CC41084B71005ACBD0FD9903F68C5E1001F2